Windows Analysis Report
ggjLV4w8Ya.exe

Overview

General Information

Sample name: ggjLV4w8Ya.exe (renamed because original name is a hash value)
Original sample name: 83600bb9bb3eba4ca5d64a300bcdb8bc9c988570f5acdb6aecae77f4f75d2e68.exe
Analysis ID: 1447458
MD5: 9251dd806a703d4a6b388e504e5020f3
SHA1: a9c78679a7effe14bac6b0fe440af504c50d7d1f
SHA256: 83600bb9bb3eba4ca5d64a300bcdb8bc9c988570f5acdb6aecae77f4f75d2e68
Tags: exe, lockbit

Detection

LockBit ransomware
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected LockBit ransomware
AI detected suspicious sample
Changes the wallpaper picture
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Found potential ransomware demand text
Hides threads from debuggers
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • ggjLV4w8Ya.exe (PID: 5172 cmdline: "C:\Users\user\Desktop\ggjLV4w8Ya.exe" MD5: 9251DD806A703D4A6B388E504E5020F3)
    • B875.tmp (PID: 2132 cmdline: "C:\ProgramData\B875.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 5652 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B875.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"URL": "http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion", "Ransom Note": "\r\n~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~\r\n\r\n>>>>> Your data is stolen and encrypted.\r\n\r\nBLOG Tor Browser Links:\r\nhttp://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/\r\nhttp://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/\r\nhttp://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/\r\nhttp://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/\r\nhttp://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/\r\nhttp://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/\r\nhttp://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/\r\n\r\n>>>>> What guarantee is there that we won't cheat you? \r\nWe are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situation simply as a paid training session for your system administrators, because it was the misconfiguration of your corporate network that allowed us to attack you. Our pentesting services should be paid for the same way you pay your system administrators salaries. You can get more information about us on Ilon Musk's Twitter https://twitter.com/hashtag/lockbit?f=live\r\n \r\n>>>>> You need to contact us on TOR darknet sites with your personal ID\r\n\r\nDownload and install Tor Browser https://www.torproject.org/\r\nWrite to the chat room and wait for an answer, we'll guarantee a response from us. If you need a unique ID for correspondence with us that no one will know about, ask it in the chat, we will generate a secret chat for you and give you his ID via private one-time memos service, no one can find out this ID but you. 
Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack hundreds of companies around the world.\r\n\r\nTor Browser personal link for CHAT available only to you (available during a ddos attack): \r\nhttp://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion\r\n\r\nTor Browser Links for CHAT (sometimes unavailable due to ddos attacks):\r\nhttp://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion\r\nhttp://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion\r\nhttp://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion\r\nhttp://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion\r\nhttp://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion\r\nhttp://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion\r\nhttp://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion\r\n\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n>> Your personal Black ID: F7EA81C1375FE40704B7DA828BCAC26C <<\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n\r\n>>>>> Warning! Do not delete or modify encrypted files, it will lead to problems with decryption of files!\r\n\r\n>>>>> Don't go to the police or the FBI for help and don't tell anyone that we attacked you. "}
Source | Rule | Description | Author | Strings
ggjLV4w8Ya.exe | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
ggjLV4w8Ya.exe | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
    • 0x1a21d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4b0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
Source | Rule | Description | Author | Strings
C:\$WinREAgent\NOokKHoMb.README.txt | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
Source | Rule | Description | Author | Strings
00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                  • 0x1a41d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                  • 0xb0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                    • 0x1a41d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                    • 0xb0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
Source | Rule | Description | Author | Strings
0.0.ggjLV4w8Ya.exe.450000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
0.0.ggjLV4w8Ya.exe.450000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                      • 0x1a21d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                      • 0x4b0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
0.2.ggjLV4w8Ya.exe.450000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
0.2.ggjLV4w8Ya.exe.450000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                        • 0x1a21d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                        • 0x4b0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

System Summary

Source: Registry Key set, Author: Nasreddine Bencherchali (Nextron Systems), Stephen Lincoln @slincoln-aiq (AttackIQ): Data: Details: C:\ProgramData\NOokKHoMb.bmp, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\ggjLV4w8Ya.exe, ProcessId: 5172, TargetObject: HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper
No Snort rule has matched

AV Detection

Source: ggjLV4w8Ya.exe, Avira: detected
Source: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/, Avira URL Cloud: Label: malware
Source: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/, Avira URL Cloud: Label: malware
Source: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/, Avira URL Cloud: Label: malware
Source: C:\ProgramData\B875.tmp, Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: NOokKHoMb.README.txt17.0.dr, Malware Configuration Extractor: Lockbit
Source: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/, Virustotal: Detection: 9%
Source: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/, Virustotal: Detection: 5%
Source: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/, Virustotal: Detection: 6%
Source: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/, Virustotal: Detection: 5%
Source: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/, Virustotal: Detection: 7%
Source: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/, Virustotal: Detection: 11%
Source: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/, Virustotal: Detection: 5%
Source: C:\ProgramData\B875.tmp, Virustotal: Detection: 82%
Source: C:\ProgramData\B875.tmp, ReversingLabs: Detection: 83%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.7% probability
Source: ggjLV4w8Ya.exe, Joe Sandbox ML: detected
Source: ggjLV4w8Ya.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Videos\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Searches\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Saved Games\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Recent\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Pictures\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Pictures\Saved Pictures\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Pictures\Camera Roll\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\OneDrive\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Music\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Links\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Favorites\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Favorites\Links\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Downloads\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\ZTGJILHXQB\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\ZQIXMVQGAH\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\YPSIACHYXW\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\UMMBDNEQBN\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\SFPUSAFIOL\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\ONBQCLYSPU\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\NHPKIZUUSG\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\KATAXZVCPS\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\JSDNGYCOWY\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\FENIVHOIKN\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\DTBZGIOOSO\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Documents\AIXACVYBSB\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\ZTGJILHXQB\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\ZQIXMVQGAH\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\YPSIACHYXW\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\UMMBDNEQBN\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\SFPUSAFIOL\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\ONBQCLYSPU\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\NHPKIZUUSG\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\KATAXZVCPS\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\JSDNGYCOWY\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\FENIVHOIKN\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\DTBZGIOOSO\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Desktop\AIXACVYBSB\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\Contacts\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\3D Objects\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\Users\user\.ms-ad\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\$WinREAgent\NOokKHoMb.README.txt
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, File created: C:\$WinREAgent\Scratch\NOokKHoMb.README.txt
Source: ggjLV4w8Ya.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_00459400 FindFirstFileExW,FindClose,0_2_00459400
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_004594DC FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_004594DC
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_00460DD4 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00460DD4
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_00457AA0 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00457AA0
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_0045BEB4 FindFirstFileExW,FindClose,0_2_0045BEB4
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_0045932C FindFirstFileExW,FindNextFileW,0_2_0045932C
Source: C:\ProgramData\B875.tmp, Code function: 3_2_0040227C FindFirstFileExW,3_2_0040227C
Source: C:\ProgramData\B875.tmp, Code function: 3_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,3_2_0040152C
Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe, Code function: 0_2_004592D8 GetLogicalDriveStringsW,GetDriveTypeW,0_2_004592D8

Networking
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt17.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt33.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt41.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt32.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt38.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt30.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt43.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt43.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt43.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt24.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt18.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt37.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt19.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: NOokKHoMb.README.txt3.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: NOokKHoMb.README.txt34.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr, NOokKHoMb.README.txt22.0.dr String found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr String found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onio
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr String found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr String found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: ggjLV4w8Ya.exe, 00000000.00000002.1719279625.00000000012AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/hashtag/lockbit?f=liv
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr, NOokKHoMb.README.txt39.0.dr String found in binary or memory: https://twitter.com/hashtag/lockbit?f=live
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719279625.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.dr, NOokKHoMb.README.txt23.0.dr, NOokKHoMb.README.txt28.0.dr, NOokKHoMb.README.txt13.0.dr String found in binary or memory: https://www.torproject.org/

                        Spam, unwanted Advertisements and Ransom Demands

                        Source: C:\Users\user\Documents\AIXACVYBSB\NOokKHoMb.README.txt Dropped file: ~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~>>>>> Your data is stolen and encrypted.BLOG Tor Browser Links:http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/>>>>> What guarantee is there that we won't cheat you? We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situation simply as a paid training session for your system administrators, because it was the misconfiguration of your corporate network that allowed us to attack you. Our pentesting services should be paid for the same way you pay your system administrators salaries. You can get more information about us on Ilon Musk's Twitter https://twitter.com/hashtag/lockbit?f=live >>>>> You need to contact us on TOR darknet sites with your personal IDDownload and install Tor Browser https://www.torproject.org/Write to the chat room and wait for an answer, we'll guarantee a response from us. If you need a unique ID for correspondence with us that no one will know about, ask it in the chat, we will generate a secret chat for you and give you his ID via private one-time memos service, no one can find out this ID but you. 
Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack hundreds of companies around the world.Tor Browser personal link for CHAT available only to you (available during a ddos attack): http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onionTor Browser Links for CHAT (sometimes unavailable due to ddos attacks):http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onionhttp://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onionhttp://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onionhttp://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onionhttp://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onionhttp://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onionhttp://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Your personal Black ID: F7EA81C1375FE40704B7DA828BCAC26C <<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Warning! Do not delete or modify encrypted files, it will lead to problems with decr
                        Source: Yara match File source: ggjLV4w8Ya.exe, type: SAMPLE
                        Source: Yara match File source: 0.0.ggjLV4w8Ya.exe.450000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.ggjLV4w8Ya.exe.450000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: ggjLV4w8Ya.exe PID: 5172, type: MEMORYSTR
                        Source: Yara match File source: C:\$WinREAgent\NOokKHoMb.README.txt, type: DROPPED
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Key value created or modified: HKEY_CURRENT_USER\Control Panel\Desktop WallPaper C:\ProgramData\NOokKHoMb.bmp
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : All your important files are stolen and encrypted!
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory : All your important files are stolen and encrypted!
                        Source: NOokKHoMb.README.txt17.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt33.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt41.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt32.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt38.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt30.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt43.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt26.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt16.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt14.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt6.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt23.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt28.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt13.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt39.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt22.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt9.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt0.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt45.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt2.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt25.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt21.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt24.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt18.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt37.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt19.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt3.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt34.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt29.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt8.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt20.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt7.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt10.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt44.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt35.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt11.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt36.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt15.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt31.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt1.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt40.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt42.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt27.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt12.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt5.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: NOokKHoMb.README.txt4.0.dr String found in binary or memory : >>>>> Your data is stolen and encrypted.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File moved: C:\Users\user\Desktop\ONBQCLYSPU.png
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File moved: C:\Users\user\Desktop\NWTVCDUMOB.mp3
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File moved: C:\Users\user\Desktop\KATAXZVCPS.jpg
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File moved: C:\Users\user\Desktop\NHPKIZUUSG\VLZDGUKUTZ.mp3
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File moved: C:\Users\user\Desktop\DTBZGIOOSO.pdf
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Documents\AIXACVYBSB\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Videos\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Searches\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Saved Games\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Recent\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Pictures\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Pictures\Saved Pictures\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\user\Desktop\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File dropped: C:\Users\NOokKHoMb.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\ggjLV4w8Ya.exe entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy) entropy: 7.99711300764
                        Source: C:\ProgramData\B875.tmp File created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy) entropy: 7.99711300764

                        System Summary

                        Source: ggjLV4w8Ya.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 0.0.ggjLV4w8Ya.exe.450000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 0.2.ggjLV4w8Ya.exe.450000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045FC5C SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,0_2_0045FC5C
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004584CC CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,0_2_004584CC
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00459C88 NtQuerySystemInformation,Sleep,0_2_00459C88
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045D494 NtQueryInformationToken,0_2_0045D494
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045E0AC CreateFileW,WriteFile,NtClose,WriteFile,WriteFile,WriteFile,0_2_0045E0AC
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045D554 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,0_2_0045D554
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045D1E0 NtSetInformationThread,NtClose,0_2_0045D1E0
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045B5FC NtQuerySystemInformation,0_2_0045B5FC
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045AD98 RtlAdjustPrivilege,NtSetInformationThread,0_2_0045AD98
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045FA44 NtTerminateProcess,0_2_0045FA44
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045D264 NtSetInformationThread,0_2_0045D264
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045E218 CreateFileW,WriteFile,RegCreateKeyExW,RegSetValueExW,RegCreateKeyExW,RegSetValueExW,SHChangeNotify,NtClose,0_2_0045E218
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00459EE8 NtQueryDefaultUILanguage,0_2_00459EE8
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00458AFC NtQueryInformationToken,0_2_00458AFC
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045D290 NtProtectVirtualMemory,0_2_0045D290
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045B6A4 NtClose,0_2_0045B6A4
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00468B04 CreateThread,CreateThread,NtTerminateThread,CreateThread,0_2_00468B04
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045FFD0 CreateThread,NtClose,0_2_0045FFD0
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00461F84 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtDuplicateObject,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00461F84
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00459CD3 NtQuerySystemInformation,Sleep,0_2_00459CD3
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00459CBA NtQuerySystemInformation,Sleep,0_2_00459CBA
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045AD96 RtlAdjustPrivilege,NtSetInformationThread,0_2_0045AD96
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045B64E NtQuerySystemInformation,0_2_0045B64E
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045B635 NtQuerySystemInformation,0_2_0045B635
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_00402760 CreateFileW,ReadFile,NtClose,3_2_00402760
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,3_2_0040286C
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_00403478 SetThreadPriority,WriteFile,SetFilePointerEx,SetEndOfFile,NtClose,3_2_00403478
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,3_2_00402F18
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_0040362E GetLogicalDriveStringsW,GetDriveTypeW,CreateThread,NtClose,Sleep,RemoveDirectoryW,3_2_0040362E
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_00401DC2 NtProtectVirtualMemory,3_2_00401DC2
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_004031E0 NtClose,3_2_004031E0
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_00401D94 NtSetInformationThread,3_2_00401D94
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,3_2_004016B4
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045C4AC: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,0_2_0045C4AC
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00459EE8 0_2_00459EE8
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00457094 0_2_00457094
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00460368 0_2_00460368
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00456B7F 0_2_00456B7F
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00456B84 0_2_00456B84
                        Source: Joe Sandbox View Dropped File: C:\ProgramData\B875.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process token adjusted: Security
                        Source: ggjLV4w8Ya.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: ggjLV4w8Ya.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 0.0.ggjLV4w8Ya.exe.450000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 0.2.ggjLV4w8Ya.exe.450000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: B875.tmp.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: classification engine Classification label: mal100.rans.evad.winEXE@6/295@0/0
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_004032E8 SetThreadPriority,GetDiskFreeSpaceW,GetDiskFreeSpaceExW,GetTempFileNameW,CreateFileW,DeviceIoControl,CreateIoCompletionPort,3_2_004032E8
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\NOokKHoMb.README.txt
                        Source: C:\ProgramData\B875.tmp Mutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2696:120:WilError_03
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\98123a4597379ca3d6f10e9f1b5f0dc8
                        Source: C:\ProgramData\B875.tmp File read: C:\Users\user\Desktop\desktop.ini
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknown Process created: C:\Users\user\Desktop\ggjLV4w8Ya.exe "C:\Users\user\Desktop\ggjLV4w8Ya.exe"
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process created: C:\ProgramData\B875.tmp "C:\ProgramData\B875.tmp"
                        Source: C:\ProgramData\B875.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B875.tmp >> NUL
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: cryptbase.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: wtsapi32.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: rstrtmgr.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: ncrypt.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: ntasn1.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: netapi32.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: wkscli.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: srvcli.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: samcli.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: netutils.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: logoncli.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: activeds.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: adsldpc.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: wininet.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: wsock32.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: mpr.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: gpedit.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: gpapi.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: dssec.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: dsuiext.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: framedynos.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: sspicli.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: dsrole.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: ntdsapi.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: authz.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: profapi.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: uxtheme.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: wbemcomn.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: amsi.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: version.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: ntmarta.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: adsldp.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: sxs.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: dnsapi.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: iphlpapi.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: cryptsp.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: rsaenh.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Section loaded: textshaping.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: apphelp.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: rstrtmgr.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: ncrypt.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: ntasn1.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: windows.storage.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: wldp.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: kernel.appcore.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: uxtheme.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: propsys.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: profapi.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: edputil.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: urlmon.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: iertutil.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: srvcli.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: netutils.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: windows.staterepositoryps.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: sspicli.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: wintypes.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: appresolver.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: bcp47langs.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: slc.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: userenv.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: sppc.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: onecorecommonproxystub.dll
                        Source: C:\ProgramData\B875.tmp Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini
                        Source: ggjLV4w8Ya.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: ggjLV4w8Ya.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: ggjLV4w8Ya.exe Static PE information: real checksum: 0x2ca4e should be: 0x2bccd
                        Source: B875.tmp.0.dr Static PE information: real checksum: 0x8fd0 should be: 0x4f26
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045544F push 0000006Ah; retf 0_2_004554C0
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00455451 push 0000006Ah; retf 0_2_004554C0
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004553E7 push 0000006Ah; retf 0_2_004554C0
                        Source: B875.tmp.0.dr Static PE information: section name: .text entropy: 7.985216639497568
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\ProgramData\B875.tmp
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Videos\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Searches\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Saved Games\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Recent\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Pictures\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Pictures\Saved Pictures\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Pictures\Camera Roll\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\OneDrive\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Music\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Links\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Favorites\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Favorites\Links\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Downloads\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\ZTGJILHXQB\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\ZQIXMVQGAH\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\YPSIACHYXW\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\UMMBDNEQBN\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\SFPUSAFIOL\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\ONBQCLYSPU\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\NHPKIZUUSG\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\KATAXZVCPS\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\JSDNGYCOWY\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\FENIVHOIKN\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\DTBZGIOOSO\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Documents\AIXACVYBSB\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\ZTGJILHXQB\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\ZQIXMVQGAH\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\YPSIACHYXW\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\UMMBDNEQBN\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\SFPUSAFIOL\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\ONBQCLYSPU\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\NHPKIZUUSG\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\KATAXZVCPS\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\JSDNGYCOWY\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\FENIVHOIKN\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\DTBZGIOOSO\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Desktop\AIXACVYBSB\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\Contacts\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\3D Objects\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\Users\user\.ms-ad\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\$WinREAgent\NOokKHoMb.README.txt
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe File created: C:\$WinREAgent\Scratch\NOokKHoMb.README.txt

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\ProgramData\B875.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B875.tmp >> NUL
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045AFF8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_0045AFF8
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                        Source: C:\ProgramData\B875.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                        Source: C:\ProgramData\B875.tmp Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004510B0 0_2_004510B0
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_00401E28 3_2_00401E28
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004510B0 rdtsc 0_2_004510B0
                        Source: C:\ProgramData\B875.tmp TID: 7068 Thread sleep count: 38 > 30
                        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                        Source: C:\ProgramData\B875.tmp File Volume queried: C:\87B7076E FullSizeInformation
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00459400 FindFirstFileExW,FindClose,0_2_00459400
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004594DC FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_004594DC
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00460DD4 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00460DD4
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00457AA0 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00457AA0
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045BEB4 FindFirstFileExW,FindClose,0_2_0045BEB4
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045932C FindFirstFileExW,FindNextFileW,0_2_0045932C
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_0040227C FindFirstFileExW,3_2_0040227C
                        Source: C:\ProgramData\B875.tmp Code function: 3_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,3_2_0040152C
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004592D8 GetLogicalDriveStringsW,GetDriveTypeW,0_2_004592D8
                        Source: B875.tmp, 00000003.00000002.2248887116.0000000000764000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: B875.tmp, 00000003.00000002.2248887116.0000000000764000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\D
                        Source: ggjLV4w8Ya.exe, 00000000.00000003.1660957857.000000000130C000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1660938204.0000000001306000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process information queried: ProcessInformation

                        Anti Debugging

                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Thread information set: HideFromDebugger
                        Source: C:\ProgramData\B875.tmp Thread information set: HideFromDebugger
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004510B0 rdtsc 0_2_004510B0
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_0045789C LdrLoadDll,0_2_0045789C
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process token adjusted: Debug

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Memory written: C:\ProgramData\B875.tmp base: 401000
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Process created: C:\ProgramData\B875.tmp "C:\ProgramData\B875.tmp"
                        Source: C:\ProgramData\B875.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B875.tmp >> NUL
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_004510B0 cpuid 0_2_004510B0
                        Source: C:\ProgramData\B875.tmp Code function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,3_2_00403983
                        Source: C:\Users\user\Desktop\ggjLV4w8Ya.exe Code function: 0_2_00461F84 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtDuplicateObject,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00461F84
                        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 112 Process Injection | 1 Masquerading | OS Credential Dumping | 311 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact
                        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Proxy | Exfiltration Over Bluetooth | Network Denial of Service
                        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 123 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Indicator Removal | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                        [Behavior graph (ID 1447458): sample ggjLV4w8Ya.exe, start date 25/05/2024, architecture WINDOWS, score 100. Process chain: ggjLV4w8Ya.exe -> B875.tmp -> cmd.exe -> conhost.exe.]

                        Source | Detection | Scanner | Label | Link
                        ggjLV4w8Ya.exe | 100% | Avira | BDS/ZeroAccess.Gen7 |
                        ggjLV4w8Ya.exe | 100% | Joe Sandbox ML | |

                        Source | Detection | Scanner | Label | Link
                        C:\ProgramData\B875.tmp | 100% | Avira | TR/Crypt.ZPACK.Gen |
                        C:\ProgramData\B875.tmp | 100% | Joe Sandbox ML | |
                        C:\ProgramData\B875.tmp | 82% | Virustotal | | Browse
                        C:\ProgramData\B875.tmp | 83% | ReversingLabs | Win32.Trojan.Malgent |

                        No Antivirus matches
                        No contacted domains info
                        • 5%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        unknown
                        http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onionggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.drtrue
                        • 1%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onionggjLV4w8Ya.exe, 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718691200.00000000012D3000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1718887538.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1617699027.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000003.1711355468.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, ggjLV4w8Ya.exe, 00000000.00000002.1719365736.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, NOokKHoMb.README.txt17.0.dr, NOokKHoMb.README.txt33.0.dr, NOokKHoMb.README.txt41.0.dr, NOokKHoMb.README.txt32.0.dr, NOokKHoMb.README.txt38.0.dr, NOokKHoMb.README.txt30.0.dr, NOokKHoMb.README.txt43.0.dr, NOokKHoMb.README.txt26.0.dr, NOokKHoMb.README.txt16.0.dr, NOokKHoMb.README.txt14.0.dr, NOokKHoMb.README.txt6.0.drtrue
                        • 1%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        unknown
                        No contacted IP infos
                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1447458
                        Start date and time:2024-05-25 03:18:09 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 1s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:11
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:ggjLV4w8Ya.exe
                        renamed because original name is a hash value
                        Original Sample Name:83600bb9bb3eba4ca5d64a300bcdb8bc9c988570f5acdb6aecae77f4f75d2e68.exe
                        Detection:MAL
                        Classification:mal100.rans.evad.winEXE@6/295@0/0
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 90
                        • Number of non-executed functions: 5
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, VSSVC.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtCreateKey calls found.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        Time | Type | Description
                        21:19:55 | API Interceptor | 7x Sleep call for process: B875.tmp modified
                        No context
                        Match | Associated Sample Name / URL | Detection | Threat Name
                        C:\ProgramData\B875.tmp | yEB1xvr2rZ.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | 71p2xmx6rP.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | 98ST13Qdiy.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | c8JakemodH.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | Document.doc.scr.exe | malicious | LockBit ransomware, TrojanRansom
                        C:\ProgramData\B875.tmp | Rcqcps3y45.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | LBB.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | lockbit_unpacked.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | maXk5kqpyK.exe | malicious | LockBit ransomware
                        C:\ProgramData\B875.tmp | maXk5kqpyK.exe | malicious | LockBit ransomware
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.534407294149397
                                            Encrypted:false
                                            SSDEEP:3:H5hk+jir1gXlTjCjh3jHA0J4Bp61Ftqlfs96i2Q5wB:/kqiAlvOhzg0JAUVqlfs96owB
                                            MD5:FDFF5D12C291E58DF3815FD0574D1503
                                            SHA1:50CBF9F926C2FF22A68E7BC4C0D59C875CD806B9
                                            SHA-256:ADFC4938359C4BDD69C5E5F522D7A7B890111D7F1A9809230D9553B8B8A48B6C
                                            SHA-512:628D4DCC376366F13AC42DDE21AF0881317E57E50245726F6B6F4FD03917E4C4B4DD1368EA0B147630777B8ECE756F86A68ABAAC5454C45945032AB4B1CD59B7
                                            Malicious:false
                                            Preview:..r..g..).....Y........|...../..j.::....2 ....7.J..'.{.R.....B.%....\.eA]...Ze.V.....4.....z.T...A.......{.lup...'..W...50.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.427628708794224
                                            Encrypted:false
                                            SSDEEP:3:FnZ0NxgOOUL2BIBt6fpkS2SpBKh/v6vG5X+SD1SNc7rKn:JIxYUUg0USpBKhnF5P1O
                                            MD5:65C388C6901ABAAA79BCDF6C236974CA
                                            SHA1:E52C00DDCB8DD4D4FA6F3A20D4281A210394735D
                                            SHA-256:3355552F640C8FDA782497B4CABD2E221EF0F88C5B8651E727BE06924E8F4E29
                                            SHA-512:69F9912A8F21317752717EB25F45EEF8877993E5F0782BFE6B90DFF0604A70747C92886134B95A29F72310CDD3E31067824CB947C2601269EE933DB0354EBE4A
                                            Malicious:false
                                            Preview:'#..|.l...ha?......Lr..h...:.({...h6..7d.>.............1.P.... .D........X..9......d..b.....C.!2q}..~.{.9...ZV........!.
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.627430549963346
                                            Encrypted:false
                                            SSDEEP:3:E8c2yFV0Rh62g6tTrM3dblwIEFba7HCwqno8X9jOiCLWX6u6hNyXj+a:E3FV0Rh62jrM3p/EF+zdoOiC0p6hN8D
                                            MD5:DCB0DE15A787B24DAF2F1B74B5C49DEE
                                            SHA1:35D5A269B072FC088D50724DC827AD8B3A2760AB
                                            SHA-256:65342128D507EF726FC3D989D07617E9DA803F2B377064B856D0D00568DDC1D8
                                            SHA-512:F7F33306CC9EF85F38AEFD8EAD713746B76C64A84053CECEACEDAC5F85C039275100A3EDAE6F98FEFEBA3148EA2AB8FB5371F067143B17A45B6F81EFB2855466
                                            Malicious:false
                                            Preview:.j.OY9u...p.tj<.St."...|k.vY..A....kl4...Pf!.1. ~..I......2#..{.'.Dn...+...N.....h<..i....Z.....~...g...>{.h\o.b..\.[..'e..W
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\NOokKHoMb.README.txt, Author: Joe Security
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):14336
                                            Entropy (8bit):7.4998500975364095
                                            Encrypted:false
                                            SSDEEP:384:5cFP7VtpK4p+31Mzh79W5vM+ZyUgGq4BtMvAxXCRsi:A7Vf9p+qQ02y5HW6kX
                                            MD5:294E9F64CB1642DD89229FFF0592856B
                                            SHA1:97B148C27F3DA29BA7B18D6AEE8A0DB9102F47C9
                                            SHA-256:917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                                            SHA-512:B87D531890BF1577B9B4AF41DDDB2CDBBFA164CF197BD5987DF3A3075983645A3ACBA443E289B7BFD338422978A104F55298FBFE346872DE0895BDE44ADC89CF
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Avira, Detection: 100%
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: Virustotal, Detection: 82%, Browse
                                            • Antivirus: ReversingLabs, Detection: 83%
                                            Joe Sandbox View:
                                            • Filename: yEB1xvr2rZ.exe, Detection: malicious, Browse
                                            • Filename: 71p2xmx6rP.exe, Detection: malicious, Browse
                                            • Filename: 98ST13Qdiy.exe, Detection: malicious, Browse
                                            • Filename: c8JakemodH.exe, Detection: malicious, Browse
                                            • Filename: Document.doc.scr.exe, Detection: malicious, Browse
                                            • Filename: Rcqcps3y45.exe, Detection: malicious, Browse
                                            • Filename: LBB.exe, Detection: malicious, Browse
                                            • Filename: lockbit_unpacked.exe, Detection: malicious, Browse
                                            • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                            • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
                                            Category:dropped
                                            Size (bytes):2621494
                                            Entropy (8bit):0.2070552830299633
                                            Encrypted:false
                                            SSDEEP:12:GKm71jTv37T1BNrdVRd3fF3bdJf7vhpnzBxD1fJ/tBfJvTLtFFdF9tlFNtnvDdFn:2
                                            MD5:46CFB9EBD3B96B05DBDBA1B56F9253EB
                                            SHA1:9DAE3BF6AF6BA1AE6D8CBC49AC3EAE681A8A0C1A
                                            SHA-256:F629C1653A9BEF776BCCAA29A5915ACEB04C7F017D237B0D547875837C19B2B1
                                            SHA-512:B11FC9E2BBB25DD36AB892C93CF9E12343023D87221767245F38B9A21C6D3E0BC3CECAFEA96DFA9C9B98EC88CB4EA181E19D51F2B5B9FCE17C632E09395C5549
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                            Category:dropped
                                            Size (bytes):15086
                                            Entropy (8bit):4.262047636092361
                                            Encrypted:false
                                            SSDEEP:192:jpBaAlHSa2vU9G/8MMBD7O1lXFMB8VMJP7:jpjmkMYD7IFMRx7
                                            MD5:88D9337C4C9CFE2D9AFF8A2C718EC76B
                                            SHA1:CE9F87183A1148816A1F777BA60A08EF5CA0D203
                                            SHA-256:95E059EF72686460884B9AEA5C292C22917F75D56FE737D43BE440F82034F438
                                            SHA-512:ABAFEA8CA4E85F47BEFB5AA3EFEE9EEE699EA87786FAFF39EE712AE498438D19A06BB31289643B620CB8203555EA4E2B546EF2F10D3F0087733BC0CEACCBEAFD
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):239
                                            Entropy (8bit):7.08788035390629
                                            Encrypted:false
                                            SSDEEP:6:usmQcYyOc+Fgg1qCTsvh3Ctr7PttkFi6ksI1AN:Tpu+agKh3sPfkFi62i
                                            MD5:68C3894A056622D43785148C49BB814C
                                            SHA1:1BE090D13B97C8D45DDF1E151CF5DC3849335260
                                            SHA-256:E11CF344F85BFE5E5B4F7289B72F93300631611F20277A596A470F4085C313F1
                                            SHA-512:21ABC69D31DF7053BA9AD027740AF9C269E71BCD59CC46F4E454923FCEED56F2062AFB56AC7D11B3F3CE5D7509366EA2A05288216022DF00C4227C1ED13DB834
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.866293433421066
                                            Encrypted:false
                                            SSDEEP:24:Fv9W1G/5FlQokoLmSIRDx8mxhXtr5PyDi5rMRwgylyhHNuTFE/pg92fB62i:DWy5ISIRN8YtOerMdNgIuG62i
                                            MD5:EAADD25A7235D2693E07AD47F8998029
                                            SHA1:A0628F1B34CA01D71BAD0C0F6484CA372EFA545E
                                            SHA-256:5065839CEC61E672CE121DD527F7AA8862D820D78D9CDA9BA6DEDB558283ECEF
                                            SHA-512:32E5A4127844959A5C90AB8433D5AE14EA5FFF5CC698AE1A82478F3058373111B388BE81F25F49BED80CF5F035AD453D119CF4C62FD2365681F2872801883C36
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.870890232287251
                                            Encrypted:false
                                            SSDEEP:24:WX4xF4IoZXQGjN8P7ckjsQDyHgcjSwOdtoYU5WRsGJfB62i:X6ZAG+mQDyHgcEto3Q62i
                                            MD5:EC546869A6096DAC80706F0122F4E617
                                            SHA1:99B265658BEC8A05A9327E7597D2BB818DE88A5B
                                            SHA-256:39F44FC033EDC60CD7D212E06A49D548AA94744490E8F8CDDB5EE6866CE7E545
                                            SHA-512:9D49310C376B855CEBBD279D4F495DC45764A01AF2FE772BB86024FFFA50D27DA395C67DAAD9D551272788149E1A510B54D2CFCB0F0D1128E6973AEA88A0522A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.832142423168335
                                            Encrypted:false
                                            SSDEEP:24:aFtcsBTO09o4Y1N1OWtZ+NioO1VPD5mxLUMQH21PCb8+/luaLEj9mi0JIafB62i:aFtdBTOGo4YLEFLO11ExLUA1q39qj9gY
                                            MD5:E37BE5F22BF64F117B52B379A639B101
                                            SHA1:43D2653360E39F0A016C5FD8F95F99DCA17E7618
                                            SHA-256:ECFC4F1DBD1D1050D738DD8E35D5B9B9532B3555C823CC01442F1487E21DE974
                                            SHA-512:8844598B05ED330790A87006D648656381ECD03A98F21FA832E5BC0EB51D7C5842DA1E909F16189EE7D9CFC2543CC631DDB18D9EF2EA1274CF630CEBE20E918F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.841105794521684
                                            Encrypted:false
                                            SSDEEP:24:Zdd0DWVj1LzGh1rb4rFm7XuAydc2ENB2xfTtUMbsQKkGakKUGvPfB62i:Zdd02q5bTX5wc92xpWQzW5+62i
                                            MD5:D897DB79AFAD0C184751EEDF6ED640E1
                                            SHA1:7312359E9E84550BBA1C0C82CB691BF027813029
                                            SHA-256:88CECF2B2609741A736035D13D6FC6DA6A8D37009E61AFFE011EA774C7DFE48D
                                            SHA-512:BA963208B55085D28760CD9625211B85A0319B1CA9A448D86DB7FCC4CE6BBE96B1C75F0D3B6C55930090AA52E0D60C80E4F8A158120CA01EA7824ECD812F705B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.842309222933122
                                            Encrypted:false
                                            SSDEEP:24:wIy2sBAmwBnN+BDN++8XyKXW7rRqOumVJ82BvcMpjNfIVzlqn/fB62i:ny2smmM2EFXW7rRqO1DBkgjNfIVJqnhc
                                            MD5:D3341B18871099A891D3E3C971A345F4
                                            SHA1:FFF782FD1046FA717B1EB6CC43F4E24EEFB2496F
                                            SHA-256:0092FE2D77DDD765827A80E87A2C98972E529A220627D5161C43E0144A36BD9C
                                            SHA-512:2F5253E743F08B488629AE3C09BF39164234D3391B62BFFD65DCD4DD28724719C474D880AAFC58AA3B64D1AFBB5F2F794FBEC32FEBC2CFDF67E058637D2C81D4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.831519028135285
                                            Encrypted:false
                                            SSDEEP:24:tu4dZ1exPpeqltfZp76MXKuUkwtTEFhIMMpwqtTUK3lfOkgrs1enLck7KefNnfBc:tujxPIqDfTX1/wtihIZwG5qA0Z7Kw62i
                                            MD5:584D4489E2304797BEB99F2A3FB0EB8B
                                            SHA1:DE1763F0B25312A78B089942E35C96A6164DACA0
                                            SHA-256:ED96D2739102F3744B54002BDD365D23423BE5C5F228B4FBF499A3A4C1EB93DC
                                            SHA-512:E08591AF1E60F0B21F341EC403B852975DA6D3DFC18AB00617494B102E530A5245444CB2BE5B3C04CACE507F115789506CD1886210F3ECC2AEF31CCE20E46382
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.845534051092631
                                            Encrypted:false
                                            SSDEEP:24:UNTqmaPRHM4S6NfVshK9QBTPdfMziehWcMasAkKl/fOB36trMRlC2fB62i:LmstM4Sids89I1/APkUOQrM162i
                                            MD5:CFE738C7FAC3135E85CA8C2DAFD555B3
                                            SHA1:409251B362B6FD072E7406F6F19C9B7DDBA7AE24
                                            SHA-256:CCDC4F691D18632A57BC85D1BC367B7A3C712C534484A7EDFDB65FA1ED615003
                                            SHA-512:63BD672A97003F5018C0C5134AC7CF6F5F2020792B48C5FA90F4A61C2A803F544A6D84B4F10D2C72784FAE57D974DE6F403CDA5A24A981E1B1B490AB0477CF31
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.837125812162684
                                            Encrypted:false
                                            SSDEEP:24:KLKxLNWR0tebCHRUoJF/TQrWvLmxacBaLoIJzkPFZ/kfB62i:eFRy4rcMEoP062i
                                            MD5:C3D96C93DF5C1D002F39FC206F9271F0
                                            SHA1:9D43C0F3F350FCBA7A45675C2F1AAE9DAED8586B
                                            SHA-256:3B7C022DA760FF0A8134E836C47860F8A60AF8BF640D0F2E6EC5EEB991D8772C
                                            SHA-512:0622F836F2D46901B5DC642F2E2DA2EB15C7AE278B7057FFA85B3365441EBCE60CB08D42C20ECAD6AB4BB052194FD871F9A612B3B3C619107FCC6D81FA1C7B4D
                                            Malicious:false
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.823455607688666
                                            Encrypted:false
                                            SSDEEP:24:DecGFBRX4SoDI7bDlV8rxOG65poTadilQsC5AdwnmIg7UQRfB62i:ycGFBeqbcgG65poa+TCee5gwQT62i
                                            MD5:853E02FA529740B198048BE8C0DCA5D8
                                            SHA1:DA75CA30723F043ED6CF319EF912BDA793A06598
                                            SHA-256:CE2D3663179E8B32509D57BEFAD7A46071DD172011A65FF5FA83B167E7C91763
                                            SHA-512:69C236A4BDABB6310DFBD3A479F105634B51165FE74123826F11725C25399AF35AF9BDA4D5B7FB5B7E9C2119C1F7635C5547801E7EEF4802C958386851E993E1
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.83984564841776
                                            Encrypted:false
                                            SSDEEP:24:bGfns6IMHz4a9J1A8zgDR33esNjHi1b3Oie0Uzc8CM8dDAmZ4fB62i:s7IMTf1/LslPzK+Go62i
                                            MD5:D2681AD423F318DF0C39DEEF777B606B
                                            SHA1:3E99FA0B9F215F9C4634847C0578F8952C3DC7AD
                                            SHA-256:9B6BB9F68F1D46A8ECF484A4546E19F27790BA76526C8E8073B1023E8AFEC45A
                                            SHA-512:3C9619A9EC2597286CADBC6F8CCA6B46A7AE9F1FC121EE8B9B95E7CB8D5F1ABA279675BDA2ED37614D9429B63886F06D60E77CA1E281831225F067866DA68C9F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.848494759172286
                                            Encrypted:false
                                            SSDEEP:24:Z6I83WqWZz1jT6Sb+QYnrzT1S4gJflEZ7T6bUTXLPi3VlSH7UpEJEfZ4fB62i:EGNZzNuSb+vJAkTS8K3Vl8wpEJ6Zo62i
                                            MD5:B1F0243D1B3E168B73A3399D62E82D04
                                            SHA1:9F4E673DD3E0B25D72DA61B7AB7A08CDE17959D2
                                            SHA-256:0B1AA9F0CA8922DB6CA1226F99E4E6849E00BE434E83B2E10FD598478391354E
                                            SHA-512:65E8F6E750EB8B0C4EFB77CEC0D162D6B8A55D389650B673D029D623BAD57C2085D08127918118E4FEB6D4A82F36798E8CF57881E724F53D7A7D1E84D4FFA1F4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8459027024170185
                                            Encrypted:false
                                            SSDEEP:24:QKDhC6TUo/qf2d9fpc5NHt2K8uOBEHGwL3YqRLLx5XwVQ91jehP5fB62i:5jOf2d9fpwZt27GmwL/3sVQ9hAD62i
                                            MD5:C52466EAC2FFC7BF585F1C4DB62B0BF9
                                            SHA1:AB16160D2B7ED593CC8A94A0B4BDD13B0A5649A5
                                            SHA-256:0427A1DF2B493CF70DA17BB280E68A75277F3DA7CCDDF29829AF8784052724FD
                                            SHA-512:8C9315AFB964C5A8F3326CEF2E02BA5DF81490F04CF16333B3A91982F7230CA23195FB4080EEEB0218E022C2D6FDA62ED7168D455CB4A13745563A594551B709
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:PGP symmetric key encrypted data -
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.852776890176718
                                            Encrypted:false
                                            SSDEEP:24:0oy0SfIs8pEZvXSGbggkv4KG2PLDaC6OzDHhf5pD5B2bdxHN4Cg0YIiXw8PfB62i:0oy3Is82dX3b+q2DDaIDHx5sDt410YIx
                                            MD5:25F0195A4819DBBC9FB28C4938F9EE35
                                            SHA1:17C6EE504DB528CFA1C68FB7214FB4117569E763
                                            SHA-256:A214FB2997B7DC5D72074CD9918CE0D061F10B566A2F82B3D205DB4194AC2C05
                                            SHA-512:4AA3B1D77A1BEF6AB4ACC218418E81F92C6948DAA21E66CA1DBD3708BB413AC32C59988804A724CAE1B5BF3D5BC581A9E3697E727ABDD3A4144DB26AD5F15C0A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.852886628224428
                                            Encrypted:false
                                            SSDEEP:24:Td/6lfenhpf1cse10PmRf97MvXi1ILhj2Uwr4oPyNVZFIbrKfB62i:B/6lfC0se10PmRf97MvaOdRoUAbG62i
                                            MD5:DDAD0DE3A17BC57A12C7B04BD2A30F8D
                                            SHA1:280FF507932FF29729D4590DD7D954443ADC6F8D
                                            SHA-256:2DDF3F97B5AF89F0C039975BECC2500E51724F7C8BC20B4EBF251ABA935B970D
                                            SHA-512:45E49D81249E5ED68563A56A0FF28225504321C97E700922DCB28DAF8138B005ADE77D2AFA7ED381DC7F927304F6F3428888D74A56D49242FC23C5CB2F9C924A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8414424008588215
                                            Encrypted:false
                                            SSDEEP:24:ntVJ0uavGBsg+0wnQ3x9g2mzCl+UPNanCRoygkkPuBoOfB62i:nVCv8sgX3x9mniECiyJkPVO62i
                                            MD5:3901B7905FDFE3C0073F6ECC678C46C4
                                            SHA1:2803E2CDFA3DAF7B0886B0056255674ED394D8EB
                                            SHA-256:5584D1E488AA520A6F0109A32C92B60A4F925462E09ACA1E4B24045C164D8DDA
                                            SHA-512:358323F956A62F1D19F515E9B749F99EB8D0A307EED52C58E400EFD41CCDBB5970DB34DD0C542304EE35A796D711E7BC87CABFE6806EF92495CC024A5AC2B5F6
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.840515571195609
                                            Encrypted:false
                                            SSDEEP:24:y7kSHMnI6yoL7Xlw1dCK3WFgq89JE4zc4eL/UlUsU9mUxviqpzgmo7on+ZZfB62i:y7k8MnrX+d37q8jSLMlrU9mU+4Ar62i
                                            MD5:0D11AF7A964CF649F37862BCD4D488FB
                                            SHA1:BF79E0833B5E3E8A65790B2308C650530245BFEC
                                            SHA-256:40BEF3F1549C6F959C74C47B98EB87F95F79C649A57930521AC89E70CDE21B4E
                                            SHA-512:3397490787F5477EE31A65E9E5E6FBFC557F3B055E985D1A48D0A3EBBC0BBAA66D6AA3DD63001E7218B739CC66EE42C349F2637EB733660E1BA15020BF6953A5
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.835972723394356
                                            Encrypted:false
                                            SSDEEP:24:YcHcIqBQ4WmTO1YDKIj+yqzAy64Ty0DEgW0cx226JE5YQmBlC2fB62i:YBhFA/Z5TnDEgW0cYDE7lG62i
                                            MD5:BB9B5D70F9903C287E87146771B55113
                                            SHA1:22F54BE078C52926E6F433EDF16AC025FC7907E9
                                            SHA-256:06F2F55DC946A561F79C47E0C95DEFE68D1CB4E5EDFBF383DB7CD7BB24C08F46
                                            SHA-512:A43338FCCEDF8EC897496D24A093C31C5974E09D081C2A6ECB8D343942199F350AC9EAB4E978804DDD9F7F9E5F7740BC5F34FE61C731F59FC9E6996E4FA03343
                                            Malicious:false
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.867960115042274
                                            Encrypted:false
                                            SSDEEP:24:VD++tJM5tW+pn54OGZWvhPLLuhvxwEoNLgCbCesnz5mG6fB62i:VD+wJMxpnCOzPmiLa1mG662i
                                            MD5:36A18AF971D601AE226AC01A65197D66
                                            SHA1:0DC489B960CA4EA7C2E3BBFFB3506C712548FA9A
                                            SHA-256:29D5230F782324E82FB4BC8667C8956ED5E0F1BADE0146FDA2AA94F3B95A1FB2
                                            SHA-512:9EDFA387E979E1448D65BAACD3AACD5605D2203F6B0E8089B28D14791BA64C031FD3959ECF261FD9C9CF8F3CD9B5948900286598CCE2D1E6ED94D9032577C5DF
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.808226702524706
                                            Encrypted:false
                                            SSDEEP:24:kt1lX9bZuipd5Yc0cZLRGOQqGf1CEPadbn4y6bjMIhTLfB62i:kZXmKd5Z9LR73eden0zhR62i
                                            MD5:90F564D527A2B444AD5976469C9F9211
                                            SHA1:9F071EF635B0BB4E4383982631A2B3D5817939C8
                                            SHA-256:BD8EAB62EC2D4B0C148DDB6D728E453D0BCA581D67F5A9AE554DF70FBB08353B
                                            SHA-512:8930E5237B7B7FE5B383B5F0105CE5542EAF0B4AAE823415F49AD47A0F63F7239543D5D5C640190CE770786962D960316DF64BFE4EFFA7255FBB7BA0C084D24A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.8336350061836635
                                            Encrypted:false
                                            SSDEEP:24:LCRBDQa15cVLqJNCzxbvfW6C25x6T4BRpQAZusgetSOlpujq9kS/NAj22gkbfB6b:LU1QI5qLqJNCR3ze4LptZurnOOjq9h/r
                                            MD5:20B8AFEA86605DD94D4CBE2E76A339AB
                                            SHA1:5E4BFA531699F8E1E7D21AA5BD44B39B3D34AECF
                                            SHA-256:99BDAC753C311577DCD6561EF013E28F5F5CC4285754E055D4AA69ECEE4E915A
                                            SHA-512:E0BA42A866AC644BBCE13F3A056D80AA4CD45BDCCD1B57C8568F39EFFBB4132F551EE234C7B22BA2DE71532BB2750BCFAE5F60A8F877D3B88F2437A756CF98A6
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.856660644684462
                                            Encrypted:false
                                            SSDEEP:24:EeKSmW7809d1k1P4rjVsR2IMyy4fsAUDF5DNDLPcIwks9C4fB62i:4nOdiFRscsP7JDLkolo62i
                                            MD5:A24B37EDD4E9B71FC355A08D43C37F8C
                                            SHA1:49276F55F0A78C6B46ADACD5CF47537E2B842614
                                            SHA-256:267A4D075B0B3DD7AD6281EC79FF1CAB7C98F207F2DDDC8552751AA2F3D553E0
                                            SHA-512:3F0EDBD5388478B23338FD0EFE62CFCD0ABEF700533AC7378D5755A2DF44D40011284F0AC1B3C6CEA58C97D0BFF4624EC9A16EF643CEF327DD851427B0DF3860
                                            Malicious:false
                                            Preview:..G}..aZ/y..E..S2...W.MU......NM......7...,X..B=,.L..X..T...}....... ..f.i.....>.X...F.A..Kz.{....&.s>MM......l..%1....D.4..s.`3|&..1_...q..p....d.In.=...<.Y../..].j...^..9v[...<sk1.9..(...O.i.Q...qp.7%...@...q...b.X1...5......{.a..hZ.t...........Ay..fL7...@..G3...R.FH......GP......4..."H..W/4.Q..V..Y...w.......<!.{.|.....3.[...Y.N..Tf.l..../.m+AC......|..86..N.?...<.i..7....\...)1.y..._Y.vI.G.X.A..Y7m..kJ.'.P...J...*0d...\..7.....<..f...S...C...N.[... ...X........K..)nVCqI........!+G..6.M......w....l!..&...p...i?..o;.Y2(,+...?G...g...7..)(2.xo.n5&..Z,'-.qR..I.D............R...{..g..%r....O.VX.&>le.v:r..9.{..7....B...'>.a..._G.fE.R.W.^..\-g..o\.;.J..Q...&"h...@..,.....,...t...K...D...D.@...4...M........I..1z^].B.......66QZ..f...a1.d...-....[.f5CX..E`.2....@q._5x&I8w.!..b...~f.<...O.....M......7 b...=O...y(./.|j..)b=.{.G.K.#.93.L.k...e.".._..B%.Q.T.........[?|\,.U..+=U..,..d..O..rw..9..Uk'.(U3{..eA....@.0r2...z/ob.?..''6i.....t.C.Q/.......
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.849159924728097
                                            Encrypted:false
                                            SSDEEP:24:1+5I5Svt7o4iTdgvpWNiKAD43ARy8cQStpoIm/I26LfB62i:Yy5Itz4CvpWAhRyvXoIf3962i
                                            MD5:DE5F7B8A5D9D7258E4DF81C9626C5605
                                            SHA1:C56B9F3D96322B5A62F62391CE371C323CD470C8
                                            SHA-256:C2D2C0F29F7B1CCCBBAEC006061F460FF19ABA2F2682C28A171D7EC438EF7186
                                            SHA-512:57AEEB809D5383747E8A06852FB95F7A2A4411209E6153F5D18D2192ED954AF1F137E0BC9D23D9AC005C634F0E03EC1519DE2B885AAE1C3F6DCD5E73251323CC
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.842837848173699
                                            Encrypted:false
                                            SSDEEP:24:UoO0ha7EvA5abUdKMpbrbURaKOJVJjnNDQCvD7X7XdU2y3yUuSuv8fB62i:U0h5O7dK+rs8RNDQC3rtU2y3yvu62i
                                            MD5:6658E93318EF5219F9FA5E7390ECFDD2
                                            SHA1:1CE19176EE07915CD90EBD931E734FD8505302F6
                                            SHA-256:9FA0DF8B12A3FC19B150A3A6214AD600A45C72289AF2235E494697E644DF38C4
                                            SHA-512:FD56B8D04FD26ADAB4BECB9AB13492ECDEFFDEE4520AA90DB45D0783948D26AFB4CFF50F776D178114AA84D885A9B4ED7B5227C01F75101C88E2F734CF4D53CF
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.839889352132288
                                            Encrypted:false
                                            SSDEEP:24:egIq6Ee+Hl0DKULTImIsHy6DqD1iTQkJiom0bYOioCHgRsyQX6fB62i:Cq2+mWUo1ByYIQkJiObWjq62i
                                            MD5:CCF8122C21ED0DFED5D236EC7DCDE9A3
                                            SHA1:D2647975469E37C061BAA8AB6498F87F62082353
                                            SHA-256:A76D52B0B105C2612552AAB331E6FE1748292F491DAC30D42C8496BBBC65CB75
                                            SHA-512:428F962D693E97CC7C23C621596B25B807B232B3A86F77DC7D143CB27B5CA40DBB704CECF8F8B179E9F16CDCF5AEA3417812AD4EDABA8F100B86A230E73ED435
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.851425378247803
                                            Encrypted:false
                                            SSDEEP:24:rLudet2v2lvu6xKt23YADqR7sOWD42w3yjljx98Tg3Z8BnH6fkyH13HfB62i:PRlvu6oU3YAfnc29jlFn+kj13562i
                                            MD5:337A8B0D61C3FBB990EB32D62F94FAD0
                                            SHA1:2D3783EEA67E7B77C799D660E046BB0F7BB46F3F
                                            SHA-256:0458375B4DAC10E7DFADE2771AA627D91C429B424541F190EACEB99BB7CBCA49
                                            SHA-512:806443D968C04AF210C3877E4251E5DE038CFBAF8269039B5412D696412B46C21D3B1C237BF84E41C4EFD66FCC65DEEB42298F05D16D6416E34EF19377098D66
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.853572023654548
                                            Encrypted:false
                                            SSDEEP:24:OUXxQbgOQdepiI1J7eL7qFde1e4E560JNOejpeqs6QjKrQYfB62i:OPu8i+J7eL7N1e560zthAj8H62i
                                            MD5:2C5203226745BC5F76B90B643CDE4EA5
                                            SHA1:B9F0E92B75BFAF1DC9B7B6DD5589E79D80AD3709
                                            SHA-256:E8C894AA3F049B066623749A2A60603BB00AD1CA9563E606FD2B0DEE8E031892
                                            SHA-512:D3BBC6FC3DBAB2B4EB6FA97A220ABED95B3A90CAE7787509F6E2894FE8831BD380576AD0FAA84A8599F4B5FFBD0C514ABE5816CA721272A4F0ECBB8CABBD52C9
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.873253039345116
                                            Encrypted:false
                                            SSDEEP:24:9YpBuW8aYuf59b5NJrQsBmPtp1K8sQcQhXD2t4lfB62i:GUg59fJVeaacQhXBn62i
                                            MD5:712A995139FB3E218AB0A6A805B4324B
                                            SHA1:25C5B5F9142EDBB3F309DA01A7A3CD4E201541A4
                                            SHA-256:9DCD3247E52D15B8F32856ABCE361CB0EBAAAF953822C26639CDCCCCCEC9CAFA
                                            SHA-512:1A65D7D5974CDCB61C1AB9D56E00BA61C99CACB366D26C6826DA27ED092DD676A001ABD73781D04354CE664E109F646FA08CB5679B277C88E5A8376499E2A815
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.836224074811613
                                            Encrypted:false
                                            SSDEEP:24:vOvsv0vNmkj3STYn8fqSNfWdQfv14OHX2iDJw3J9O5FJzuwjjfB62i:v87Js3HTlHXlDCJ9OvJzd62i
                                            MD5:117F29401EFBF629BFCBF4D435848234
                                            SHA1:A1AC1252013551760E72096AA33BFACD0E03BF27
                                            SHA-256:28F56FB0A7A268BBC88CD040E13DA463B8D1169D38F520DFCD370E3BFB8CC3AA
                                            SHA-512:9B648CBAB10385B175C76947C68242944C117DBD74E876C3C2FA50BE53E25816972CECB4DBE1CBC119A96C633B09C0CAC869C486BED140F0311CECB8E3CE2DC7
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.865332235061865
                                            Encrypted:false
                                            SSDEEP:24:AYmnVPm8aunF3LQbQqBmyhYP2OcWrFs0mrTKsGiubVY3PvYHcx/mk8efB62i:A5Pm8aGFkBmn+D4FsZr2K6evZrP62i
                                            MD5:0E5C5E422C32F857E10524C42713839D
                                            SHA1:10D57DDEF602E6F3B33501A91C71DB136924FF65
                                            SHA-256:93803E671BE1897DBDC58F1C25F9DF2D9EAC6F23A4DAB4911CD8C798DF6BD59F
                                            SHA-512:4B60C26584F23648F4C31A7AD02AFC0A4D898848C3FFB1B0E4B4D3B83E3AB59C5118C34E031B99BC735C8396A27D9C40D6DC3E274D97257A116A0085504D2DDB
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.858170222012514
                                            Encrypted:false
                                            SSDEEP:24:LBrP1wUHzJx7P1gI34IWzTnyrSusQHdrGafB62i:t1wUHzr7tgI347yrHsySa62i
                                            MD5:49D076DE932555606F580199ADE5C316
                                            SHA1:48A7DC61D8C45DD879AF8BDF7A52C9A66E1075B8
                                            SHA-256:8632300D9FE4D92D4F85A55ABFE4366885160A88BD89DD5B19A2543DA6FE35B9
                                            SHA-512:2FFE6030998090D6D873FF290CC075BDCAFB7C9A99BE63EA9A8FACA423B7CB27E084DB5AD89A5EB28C588EAB05306F54C73D765E226EE7FC36B1F75962DA3A2D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:true
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8106182330934955
                                            Encrypted:false
                                            SSDEEP:24:73ct786Wfgj1EqVnPajHZnE1iUZb7O3DutFkWoj2fB62i:jclsc5YZS7OzutqhC62i
                                            MD5:822D3F42A44F52EC573C9511E50EFF27
                                            SHA1:509626253BA6F9E2790BA19C6DEDD776D9CD349E
                                            SHA-256:A007EAE55A1FE8BBBB0F04DFCD61EC23563B73C99162CAD42187F0EC82058498
                                            SHA-512:887E3AAB621C38D7C78E3CD5094B13F52A39CF3D499261825BCB6DDC5914B65FC77E05F2CCC42785D85D0C37F3B9525F157F63EB127E708B9921122EFD38AEC8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.825364018734729
                                            Encrypted:false
                                            SSDEEP:24:QFiSQyhU9JP2m9jQVYEMHPx+kL+30DZaH7vQAkcnGVIGk7Bvk2fB62i:IiSHC9J+mtQVYEWPQkL+309C37Bv762i
                                            MD5:C3B3451B9AC7256688C9631C77F71B00
                                            SHA1:1F9DFFE14B582809B1C838B678CC41619BA7E445
                                            SHA-256:D513F4B9935FD342F7851F9B139104DF6E4DF5FE234C0CD2C477A73488EE58DA
                                            SHA-512:6AADD1ECA3A5BD08F86CCDC3E61CA9D92E30EA7929BB847335A8ABA1A92C4DC680342AD3EE6B91B5402F5264D3660F9E4A71646F37DB16E9B05E6A22FD739A90
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.845508651498544
                                            Encrypted:false
                                            SSDEEP:24:YmiAYYDsurC4DrPFNpSuU9D2jO6b61Mto81XJtQppYnbCefB62i:8+Dwg7FNxU9mO6b0MT5ApY+e62i
                                            MD5:C2BFF6240DFE4C40B599455A4221DE03
                                            SHA1:A7140EC8921AA17BDCC4FC76C49837521D1AAA68
                                            SHA-256:47B63B78D71EE498174044D6874E7C4A666F9D78906143B1087197AC19E7DFA6
                                            SHA-512:3232B6D1D396019D4C788B1627965F92E7019A2406F5AFE286F6B86A748AD74F410710EE194E67EE9914AEB88D0CEE3FA9D0D77E70FE2F9F78D73EA3F1C74E0C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.847728751743881
                                            Encrypted:false
                                            SSDEEP:24:o51CIXLkCcTJ+r805o4zYn8+SFw1fYz1/z/hYRmArxmfclQaZ3z7C/NEa13UJZ1x:o2EeNB4z8lcrz/KrlsQQU7C/L01HUR6b
                                            MD5:752ECA66FCD8F96C6CC769EE377B0AF9
                                            SHA1:1B42E2999100C1B5E155AD789AA8D9C452147F10
                                            SHA-256:679D9D0505D0BC769EA52553DEEAD8647B30CB274FD25AC76B0BAD52454074D7
                                            SHA-512:BEDA887B19704DB96E944ABA7C72EEF2F386EE84BE9672C076089D7C51802B23E103EC7D6A9FFD5A88C26FB32CD8CE708CE2ED88FA1E1F07C23A670CA8443E9A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.847306724234007
                                            Encrypted:false
                                            SSDEEP:24:MBIeEdR/MqRoW2opre4ie/8iNcFUcuKquLaxN4pJ+tE6JNFLHWZo9fB62i:MO/Th8iEYKquLWNptEkDHew62i
                                            MD5:278AB0179317F451382A56761331872E
                                            SHA1:7B68083C33E3CC4459399F9B5F7DC3F43AA361B5
                                            SHA-256:6326A36A7CACC39846ACE3DCC060A3B97530052FA0EA11778C6CD394D02E4208
                                            SHA-512:B7ECF4BD275E1C8A3EA3E7F227873B5F16B6104A7CEC78BF30A8CF15D372F9DF2085C05C060C8A1A94D8D5FE2E226DA01A883EBBC5B012273D4B9EB13F7930EE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.835676747898223
                                            Encrypted:false
                                            SSDEEP:24:Fx86QwgFxrimnkfOU6jkAgv/XPz9bK2EgLIvdmgjzHTMFUoY/wfB62i:4VLrimkfOjj90Pz/ENvNjzomoY/Q62i
                                            MD5:F2CA0A15AFC8270B3672D07AD92F115C
                                            SHA1:3A8A76DD4E2BAF275BD08BD71B1907363795E584
                                            SHA-256:02F49AFC038BB26B9BC497F674A742579299E549C1CE0EADF98BBF96ABC130E4
                                            SHA-512:91239451ABBD331DBB0A6E70961210E05B859FB79D1E13E485D2E0317B3845C2CD7E18BA4595FF96F2AAEDE2F51FADDFA0F8BE89D133F1A013FE4BEE6162335A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.837899539475128
                                            Encrypted:false
                                            SSDEEP:24:S1u+BpjU6zruzI17Rfw9Ks8A+rTTZ4J7ouwGDIQKU8o8Eop8CoaUfB62i:quKlU6zruE4Ms8xrTVs3wGDIVo838CoY
                                            MD5:21EFD64C6393AB82C8A7EE05055C9691
                                            SHA1:ABED8F3DBBE87C7764814589189A4906E2DA2A89
                                            SHA-256:B5001531DA255276B0A75FDB777BD850E403347D4411247E5360D8C3919A3D83
                                            SHA-512:8FD193830F4D5E13CB2EE42F25077DDC36C4F961BCDBD9055B5758114792399A091E421516DFCB9C427803147A7294D8469DE4CA9711A6F4D18C4F1AC53AECDC
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.861592601743486
                                            Encrypted:false
                                            SSDEEP:24:/MHXxU0T49S//DM0qnFOqWj3H6Ypy6FryRvNOs0idkDoM1cwfB62i:qXxUC49m/Q0ANAXVpyVZUswDrCQ62i
                                            MD5:D4EC18BE24FC4F32BEEA5B22C2FC9152
                                            SHA1:DD2A423C19A4F25264A764966867CC64D6995049
                                            SHA-256:5C9C6F32D6E1AE86FBD8E1E591479E646AFFF3521592C2AD433A781F5FA0EA2C
                                            SHA-512:B996BCD09831072A4A7F8FCD130BCBEE7B0208F1C191A84D503249E5FEAC5A6101906CD9874EB4739046001D9CB4BCF36B2F1AA37A6006BDC8872A8CFB179866
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.829561894855604
                                            Encrypted:false
                                            SSDEEP:24:AnmnJ15KYQSwDEyuIy90GMlVs5dZdrFC2gnXMJFlBmwbXguFvmIHkJJfB62i:x15KdSby890GMlVadZS2GX+pmCRvmLJY
                                            MD5:6AB34CBA359BD8381B77D5EB981C2D56
                                            SHA1:405DDFC2CD9098EE74AD162222ED7646116F6D7E
                                            SHA-256:EDD31EBCF7278DB00F6E243291DBA268C12012A67615EFB673EDD4E0D0340C69
                                            SHA-512:4F7DB52FD03C0DD6790FE9E0DB5EEE8D34DDC459314429DF70E9F0D9FAFBD290CBD177889971C54786E3E6C90CE721771AF2E0EE234797969DAA17D4AC6D0808
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.814023969926844
                                            Encrypted:false
                                            SSDEEP:24:iewljVyd4nFcI1T3+cSYE15aefS8ISVuphFL5lbF50VNIyf8H7DMNJ3neptfB62i:B4jVyqnFTT+crcaefSL/BLnhQ8HwJXsU
                                            MD5:A58C708B3948CA3E8C9841623577E109
                                            SHA1:10A59AB268777FAD93C776FCB43D5905EECC8692
                                            SHA-256:1BB084261FEA0CFF6C1C9082BDBE2846718B09F70DAD82E467AD7AB918E29966
                                            SHA-512:2474D2DF8F5705ED5BFA597AC6D792803EB148738E2E37338094FD7EFC4EB0613EEF340215E9BF85E156AE64C14B4E9BA8650ED81C07E980F99546B9CAF3C464
                                            Malicious:false
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Preview:..+..(>.?n...-..e...mZ....^.4p..]..H.%n.G"z.eKG.L\.5..u..E....*OJd-}R...r.F0.....Ps..6.b.,.s.M73@^U..C........05.{.{.#......J...k/81.h.*Hp..)SH.:m.J.....,....6.e>.E...B......e8...!..?..4....d.ur...R...}(.U.X...M....I.V.....pD9...)..\..C..C.Zg.,....U(}<+.z..@.WT..}X..c.O.x......&.k..:..,.m.h_8uJ.K4.u.s{M..O{.Y....].*.bT.u.......`....d..^A.....{...'..r8b..1:T......Q..a.}.+....k-YiN[.I]......9q......V.g.......6..`n..[$r.9...N,....t......9.)....7..'8#....5j|.l.Co.....eS_.....`.?...=^l...J...7.....k....oZ...q.+..1DYeSW."......|..y........@:.;r$r]F{$.]..A$.u.+...)?)....C...Zq%.......d.v....%..B..#}.G.j...b..]..^l.~..........v....>D...{...i../.zVd...O..X..o.AQ...q?.#Q.N2Z..........yF..H.h|x=(]...q.tA.\xQ.L,.$8Fd..>....Y.)Z..<...nM..\..K...5.^`wO...63E.O86.P.3~....|K.....]B...."^.%c........]I......D.t.{....X....!cf......i../T.32.A.7Q.k6P....\'.e...\^.J.$.-+...b.9 K..]Sd...:..S.}7K...+../GI..H~...,......{....4.5K..4..9.r.....%....z.jc..&..
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Preview:..+..(>.?n...-..e...mZ....^.4p..]..H.%n.G"z.eKG.L\.5..u..E....*OJd-}R...r.F0.....Ps..6.b.,.s.M73@^U..C........05.{.{.#......J...k/81.h.*Hp..)SH.:m.J.....,....6.e>.E...B......e8...!..?..4....d.ur...R...}(.U.X...M....I.V.....pD9...)..\..C..C.Zg.,....U(}<+.z..@.WT..}X..c.O.x......&.k..:..,.m.h_8uJ.K4.u.s{M..O{.Y....].*.bT.u.......`....d..^A.....{...'..r8b..1:T......Q..a.}.+....k-YiN[.I]......9q......V.g.......6..`n..[$r.9...N,....t......9.)....7..'8#....5j|.l.Co.....eS_.....`.?...=^l...J...7.....k....oZ...q.+..1DYeSW."......|..y........@:.;r$r]F{$.]..A$.u.+...)?)....C...Zq%.......d.v....%..B..#}.G.j...b..]..^l.~..........v....>D...{...i../.zVd...O..X..o.AQ...q?.#Q.N2Z..........yF..H.h|x=(]...q.tA.\xQ.L,.$8Fd..>....Y.)Z..<...nM..\..K...5.^`wO...63E.O86.P.3~....|K.....]B...."^.%c........]I......D.t.{....X....!cf......i../T.32.A.7Q.k6P....\'.e...\^.J.$.-+...b.9 K..]Sd...:..S.}7K...+../GI..H~...,......{....4.5K..4..9.r.....%....z.jc..&..
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.842031179636746
                                            Encrypted:false
                                            SSDEEP:24:XOZ0hv7j2HOkLiwsWqPCxENIib618M5e6Agd4LxY0G2e8AMJ3fB62i:XegzWOk+wsBsGIi218MEC4LPG2TJp62i
                                            MD5:35AEDABB7A6B261A0C12E0F2C8E4D6F6
                                            SHA1:DA56CD35C9441C68B243F461C11D477A916624AF
                                            SHA-256:F377D164228E1F251681ED827F37887DB7A209C19B1BB3790E67BDC37894A26B
                                            SHA-512:1F9C9161D4EB765A9FFDCF9CE43DB5A0213A02F90257D2DBEFCEA9ED37CF58272DE1C08AB543A6B0FDEAF88C86D9769E250AF04BA1E5E01F573C25A972E298FC
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:OpenPGP Secret Key
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.857386349023753
                                            Encrypted:false
                                            SSDEEP:24:I2Vne60/yHgIJq3Wa21AhvSLKcV0xRBx1oF2MXbL7yOtQrlDB3YwZ0/1lfB62i:l0KHgOq3WaaCKwRBx6F2M7qrlrZk1n6b
                                            MD5:9AFCFD16636F12F0713EFC3E68D25BC2
                                            SHA1:23B28EA8BBF7A29A7C25C7A31047512876EDF8A9
                                            SHA-256:651927BFA3DD87FA64B0A9E9FA51D533B7186F76DCE3A707FFECF97AA0DB4671
                                            SHA-512:4D4CA1EF932E1177D3D6D77ACCF53A65D814B9292C383A1FA308AB79FFF20AAD5F7CD71F5F42E45F147A67BCE64A41DC4A642BA7056CC81D1B1CE0BD558BDA36
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.829085636597481
                                            Encrypted:false
                                            SSDEEP:24:QR2aLzNkd7vOuz9z2E4rZp9HQfK73MQY+SaB5jD6B7N0yfB62i:QZzNkBO89N4rtIV+SUShSC62i
                                            MD5:8BCB42463C026D7E30530B8386CAFDDD
                                            SHA1:4656BE2783170FB3F63EA13C73978526FD75070E
                                            SHA-256:E7BA279EB5D11F50938FB8CE6CDD099D1C954474F25EAC89B6C69E16748E188A
                                            SHA-512:363A76C7B7FC118D669C6F44B3B46E95638D00424880330A3BE281C679102AD36C659F4DC75048588E16AACC43880F23C6FE57E906C8BDA87DCFDA87AB2443B9
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.851883933169139
                                            Encrypted:false
                                            SSDEEP:24:T09lnHfRRFxefdB5kFX77MLQg7IVldi4Ue2PUfB62i:TgtHf3bKdXkFrfg8Vldv2c62i
                                            MD5:DEB71589CE8B450FE90716E999C1A01C
                                            SHA1:ED346BF75C95CBA62D674A71B00845B710278BAE
                                            SHA-256:E61FB9486A6B25F7231189E0D21083BF1B9290E1D181ECC04D67D27E3467EF4F
                                            SHA-512:169C0EF116E49D31EA690F6FB63D2D1826C8D11D87B5CF0EEC148588541B54C87D9DD782946258949590511F28A886161BDED05947C8EEB89C344B0394034734
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.825863199276498
                                            Encrypted:false
                                            SSDEEP:24:6z3eIc/gIE+6AYFCXyanvDx6PmMhHjOQCchECXCryiIfB62i:Ge7xYEX9MXHjRnlBi462i
                                            MD5:D4E90C19835387C2A09B0D052D5A8D43
                                            SHA1:FAD1B33AC69DA1C8713C3A0D77A2E38A105942C7
                                            SHA-256:680547500FB8DE5ABDE2249C5680F7DEABCEDB8E91B51EC137F6C0CB97EA73CA
                                            SHA-512:573CECFBE494C174CF208DD296D6FDA67120AEA9E3925187923ABDC83920CEF2061A5C05FEA25485C571BAA11AD00A0C64C2F3D8CA01BEA89143D613E1A7CB72
                                            Malicious:false
                                            Preview:f....p]..%..2.wP...rZ.UL'.^.S.4..Z.R....=v.&...>....P.n.a]i&.l..dN.......<Ht..b.D.^`.2....G."...y...-.....y;....]....sn...{.qS.....,.r.T.q'.......R=%uH....S.B.,..}.&..{.&.XK\..zo..2Kc..a.9..-.4.............L=.......B.J....t..-..U+.....{.....z]..<..=.zF...uY.VO#.T.N.6..E.M....5t.=.3....B.}.~A`8.h..mV.......6_k..n...S.Ht.=....G.,...t...0.....r(....O....ry.E.V...a...e..tn8=n....}M.z.h......`..4....Z.{..%......x^..%+$2..b..Vv.rc...M..W.....;cGX..O....[.h,l$.2.~.?...z....j..#.d5.{%...}..).c.o.%....Q#7.n...6.....|>.uy..W.~.n..Bm9d..........<......E.....MG..%..T..8..E.qLgh..B.0C.n..&R.\.....p4V.....R.R....c...e..tr4&r.....@.h.z......{..-....W.z..!......iB...8>6.}c..Rg.kt...R..F.....<iP[..\....Q.i9w>.7.f."{..r....i..(.h...2.....X9D*G.....p.A....^h.<R<+.rV..X........2./..c[.<.yo..^.V.fP..N.w..T..#W...}..)..".@.......bG$J...U..&.D61...\..g..=..W.-.m`..5&....?..}{......f9-......]kf.w..R.....>.K.\d.....s#g........}...M..~.}<..^2:<u.WG...B.j.
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Preview:..+..(>.?n...-..e...mZ....^.4p..]..H.%n.G"z.eKG.L\.5..u..E....*OJd-}R...r.F0.....Ps..6.b.,.s.M73@^U..C........05.{.{.#......J...k/81.h.*Hp..)SH.:m.J.....,....6.e>.E...B......e8...!..?..4....d.ur...R...}(.U.X...M....I.V.....pD9...)..\..C..C.Zg.,....U(}<+.z..@.WT..}X..c.O.x......&.k..:..,.m.h_8uJ.K4.u.s{M..O{.Y....].*.bT.u.......`....d..^A.....{...'..r8b..1:T......Q..a.}.+....k-YiN[.I]......9q......V.g.......6..`n..[$r.9...N,....t......9.)....7..'8#....5j|.l.Co.....eS_.....`.?...=^l...J...7.....k....oZ...q.+..1DYeSW."......|..y........@:.;r$r]F{$.]..A$.u.+...)?)....C...Zq%.......d.v....%..B..#}.G.j...b..]..^l.~..........v....>D...{...i../.zVd...O..X..o.AQ...q?.#Q.N2Z..........yF..H.h|x=(]...q.tA.\xQ.L,.$8Fd..>....Y.)Z..<...nM..\..K...5.^`wO...63E.O86.P.3~....|K.....]B...."^.%c........]I......D.t.{....X....!cf......i../T.32.A.7Q.k6P....\'.e...\^.J.$.-+...b.9 K..]Sd...:..S.}7K...+../GI..H~...,......{....4.5K..4..9.r.....%....z.jc..&..
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.824837453959656
                                            Encrypted:false
                                            SSDEEP:24:h4RhV9XLfBCBGjIKm/ozMPEuQ5fKllvSqi7BfdynfB62i:h4rQBIugzgE/5olqqiFfdyZ62i
                                            MD5:3290AE634D3CDC893D8F6A2BD24DCDB3
                                            SHA1:14A509656FA7236391B8217B622FE825CC273E93
                                            SHA-256:6506C83F735F1FB90A86A887F44EA53A132A38F78CED768A4A64D9997DC05081
                                            SHA-512:2176F9885DD7C2D3A2C738336D784D4591E9DD8A9E497D94F12BF1EC4EF3766AAD594C674DE1036F77F980E78C843FF8EEA87837BFEB9E6C5500AF571F425921
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.839086357515237
                                            Encrypted:false
                                            SSDEEP:24:doNstxxppJLBb7BzIXntAofFmUKvnP09LPrjq1lSv9ut59FnA34fB62i:0mdHBb7xwtA80U8PUnjqeobMo62i
                                            MD5:C547FE6C48CF74C422493ADA8D9D5EAF
                                            SHA1:8DA039BF884256C9B3A0CAA48F78DEB3999E4DF7
                                            SHA-256:1514AACD5AAD51CC67D9C8EA8F799F87303E2E726C6CCCBAF0EF1985229C686C
                                            SHA-512:4EE0ED0F5D330AE638DD193B79FFC1C93F672D3C6164C2DBD8AB81E1F51F8EBCEB3ED515CD4FBF842F16F83909F6F7698B6D89EA8F35055453935664BDC0B0EB
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.820013187359184
                                            Encrypted:false
                                            SSDEEP:24:d+5K/B8y7Us9aFWgBPSCUJAkAo7SHeMte3byLfB62i:d+qB8yrMPTUJxLhMteu62i
                                            MD5:961F47CDAE10E963783AF69E0049B1A1
                                            SHA1:AD8CA86A01DD9980A86F76AAE73474BDE635D582
                                            SHA-256:FBD3BDD4C39270629528E760DD922ADDF5566A40D790A591BEFD4D1BE0B9E9A0
                                            SHA-512:E74689DFCABF928737805262DBF7273164F2D7DDCD4F3F8578779BE436271731831A809DA3403C5717EF72DF123E18085D9C1D6DE9C4C017945B03D66BE028F7
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:dropped
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\ProgramData\B875.tmp
                                            File Type:Sun disk label '\376\023+\352\270\353(>\257?n\300.\013-\362\265\316ep\335\365]\376\024H\317%n\342G"z\207eKG\200L\\362\212\2315\016\265u\023\300E\233\271\023*OJd-}R\342\234\245\003\321r\343F0\024\234\273\337\334Ps\206\0346\246b\013,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81,\345s\367M73@^U\033\325\220C\260\223\360\214\371\314\025\37705\262{\262{\312#\267\333\332\224\272\376\363\277J\036\375\337\214k/81' 10134 rpm, 9016 phys cys, 8060 interleave, 28483 alt cyls, start cyl 521729529, 1068392679 blocks
                                            Category:modified
                                            Size (bytes):164249
                                            Entropy (8bit):7.997113007642146
                                            Encrypted:true
                                            SSDEEP:3072:oLHv9pRGFx2LPx9ULHv9pRGFx2LPx9ULHv9pRGU:o5vGeLPx9U5vGeLPx9U5vGU
                                            MD5:5F2436F6B136B0B40C8AEC982F0D9DD0
                                            SHA1:0980466982AEFA118170012CE90D271499DF4B00
                                            SHA-256:FB04783E3E913BE3FA618AFFE5EF90EA9E25C90631D6296BD50B428067B12F6B
                                            SHA-512:B71DE0029B574781D160C140DE6AC2CCDD72E357FFCC159F4FBAE13EBC393C0A4BE9B42CC390C116CA64CD1FBF0D1F5D59AA90D2B2D801D08E3D1C1C78CA2029
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:PDP-11 overlaid separate executable
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.846229389213196
                                            Encrypted:false
                                            SSDEEP:24:PlXUQvx0xD782kZtWK+ITcuRwwqzu8tHFqoSQei3BSufB62i:EO2kCETZbIu8J4oZeUou62i
                                            MD5:8F414F45D8536077FCF86951222FB097
                                            SHA1:4E914B61A8E867CD9C4E9A9D9D83BA58E5DDC69A
                                            SHA-256:37C807FEA3240F71D3D3C8CA8ECB9FAACB73AE87711AFEBEF7BFE480E3B8B0BA
                                            SHA-512:5199C0BF9510CB95E31A491BFFFFD87675693E739AB06EA6A348640087EBDBEFFA80624F8C8E604F3D595E79A16CC0403419C0EC4F574251B94BD6EC03B7E8C1
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.820012243180874
                                            Encrypted:false
                                            SSDEEP:24:LRQn9C0mWtCOW5jmdxI8HEyRZmAEfulY3fAFLdwpxBRL4V/RsqC2pfB62i:LRQ9sWwOW56dxRmul6Yd+pNL4VJz62i
                                            MD5:D2D1017F51526812B71D1226131BC4DA
                                            SHA1:2A4A116F460FAFC29B82E79C2AA32C36C19D7CBB
                                            SHA-256:E146E52D5F1BA9E52B17313306CF8639F5527C41543CF20EDB43DBAE7295B92B
                                            SHA-512:ACDC03BB0F7628A4D48B7B8F32161C15A1F9558342C0EBA65C77DBDB847EAEDAC8FAA9ACD3E561434285F325DB1294F9EF7BBE3E42F71EDD9D940F5C34B546EE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.861684983867979
                                            Encrypted:false
                                            SSDEEP:24:KZakjGkUVtJki5HA0vTIyBBp+cY6Hnsfj3k6CEoN2qMGtIR0TaifB62i:NO4HA7IIcxnwkVh2qM0VTay62i
                                            MD5:A5EA003F7CB3124CFAEA716CA1FBFDD5
                                            SHA1:CF79F584CF38FD480588750F402E853F2085FEA3
                                            SHA-256:1AE30C944566E32E35051C3900A3D3087F4165795D16F0C21248D723630DEF14
                                            SHA-512:1F5C035A12BFE4FF6301BCD8EF45B4338FE91DD7A3C9C5C9EC0BA3F6CDE7566CDF923106BB1DE8F19CF3891CF39A8951568AB33F772F0CC58EF0112426C84866
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.835272632960941
                                            Encrypted:false
                                            SSDEEP:24:ML8zpeZjM/DcaCO/tIQxfhF+0ioMrKo2fB62i:lzQIvb/aQxfhtEKJ62i
                                            MD5:EC911FF0C75DC800EBA82D16A62F8AC8
                                            SHA1:39CF97A352F2CF46B0844B490F973941540A70D6
                                            SHA-256:F8E2AF21FE99C41BC927BF486F0F32371B8F9536EA9C4237BE54C99499718175
                                            SHA-512:CC3D71D79F3B7FC5E384A5EA846A49BF078022066003425D9267C02FED5BCA7031F32B584B97679EFA140A9AC52743927ABCDC9D5CD1121908FD16C16454D59F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.830681600232267
                                            Encrypted:false
                                            SSDEEP:24:4Gj+FKfpOZIjXSLGLtayLu4Nugr+Yk5CCovdL3FpgWealRsIfB62i:4GjiKfpO20GLtNS4Egr+Yk5BCLVBealQ
                                            MD5:A6D2DD7E50A0148A4C7FAD41130A12A4
                                            SHA1:3D70674C96E2F578F034FFFEABF64F5C47754B74
                                            SHA-256:494342DE1A6FFB13C8E005F15CC068B4114E5A18B346E2E1A6D52F0F9FFE476A
                                            SHA-512:7902909000DDE73304E4733BC2A0CC758C827C96D642D3CBB44B96CD779C357831EB1F70652E6FAF618EC846B60CAD47A9DFF1D21329FA4789851BBEAF80FFD0
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:true
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.852409284185754
                                            Encrypted:false
                                            SSDEEP:24:V8anG3c6PTRu8pjXxPNo0HerBkCpa/4darqaH/xUe1/k7q4wVr6fB62i:WDTpUrVdarLH/PK7q4Y662i
                                            MD5:03B13601BA1E51D324015F108C425446
                                            SHA1:704C5A2C8F6897EFA8FC1C04F4C5F1CB7A9677C7
                                            SHA-256:97914B79FB522A677B3DEB40ABE00483FC2444AE8331BA62594660A2E4250793
                                            SHA-512:39F0EC2C71423EA71C2699D26BDA73CDA2314A910975792018DEE80C7112CE843A4983A74239ADBA9306246695FB11EE93FAE70E7D0D90996BF87446EBD83907
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.844455991139867
                                            Encrypted:false
                                            SSDEEP:24:h+8dlaBTCusfihfiR2oQihdoXmVGxhEDAN+PU7TOkfB62i:A8dlaBGusyfZoQi3o7HNQUXOE62i
                                            MD5:C150F6A200B691BD25DD24C4094DE471
                                            SHA1:2101BDBCEA4C36D6EE80B7F9FB61823ED4491F66
                                            SHA-256:88FAC404E6058306394568B33914BE56D31835F066D216C0088FA819144AC1AF
                                            SHA-512:85C018A4CE85314EC492EA2774C6CC7F35140433C7A43B957D5E53EAFEE9CD25F31C6782022F1E094AABEEE4BB0E75ADEF0C307EFEB37A1842138F49F3828B9C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.84075629782383
                                            Encrypted:false
                                            SSDEEP:24:5pX08S+QenEmMXQPV3LwMgv15xhDGTB654bHSDv7bJvjlfB62i:Dq+QCPk5xhgguH+7n62i
                                            MD5:B197E5D66FF08BB8B4D33222082BD1EE
                                            SHA1:8253E429D9267A784D6481EA628A3BF7F8C3F32D
                                            SHA-256:0B350D6FEB8BBCEA815B3E05626E585FAD416EE2120BD36F1ED1076F0621C280
                                            SHA-512:0E1707E64CB081ACE49792DA01D0001EC72C8691168983DD70F23B5CBF887253FE88499540B6E34B4B06A74E259C5DEA94911128EC261F3C536EF766996C9688
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.858188787608057
                                            Encrypted:false
                                            SSDEEP:24:NJLoFFQL0ymSeO5oehDaFs5dcRo3vCR72q6s+UlASB5lQUoInOHnlC9FYW7UZmfW:NJocLjvVaFQcRo36V2q6XUl/TQUP+nlx
                                            MD5:8BFE736ABDFB10B1F1647A6692F55270
                                            SHA1:F54B2769A64373C869655D4D7751A688AF8B6849
                                            SHA-256:1A43D3E4619C3236951E9AF41DCBEEB6393981E85058892C5B58BA1C05AE88E6
                                            SHA-512:F61564617128978FA6F81A5A6677448EBB8FC87C99A50CFBEF7485A72C8D270BAEF332593B51E2D812348E0B12EA22567B022A2DE82DB25C67870791FCC0FCF1
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.831838744852249
                                            Encrypted:false
                                            SSDEEP:24:OYa0uieiGtScMzBHX57NiSuHJgPydTbRsXaM8zTfB62i:G18cM95hiSupc8fdB62i
                                            MD5:433088101927EBCFC4A8F918DCBDBD28
                                            SHA1:C7796B38915C6442924EA0E702797EC0B1C8390C
                                            SHA-256:818E9EFE26C57EF1D71482BBCF1AFCD72E656844E77B7FAA8E3CBA0EE4291441
                                            SHA-512:3355FDF32158AA1557C4A8E7D3459E66B84778C36B41EB065B503776384410439939FD11BCC63630F8A0192E0BA00FAF77FC6FDC215F39635CC3198F5FE9DB0B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.861808293077391
                                            Encrypted:false
                                            SSDEEP:24:cTrGNSVn+BZHhwLjI8/Ph7UC8xdaUbX8BGgg7UGXjfB62i:+GI8ZiZ/pUC8xfwlgwol62i
                                            MD5:E038DE4E8F1E0BD4040538BE4EAF8E9A
                                            SHA1:21AED27577E9A97B64BA04882B7153D9A42FEB86
                                            SHA-256:9627ABB64B944C3A6579F287DB8EF37E2D4F74370C7D8DEB3F36180BF6EF7EF5
                                            SHA-512:97B628DDE185AB91C2A44F688B00EC18A3B115A63693719239DDB54A8E9B1394F032F4EDD4359C4A9C4C650FB53644355286D3CED12E6F65CAB5A092795AE9A6
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.834617210909655
                                            Encrypted:false
                                            SSDEEP:24:ext0PurI5lDTnNYCaVWrs886LUZD9kRKrYGVuJGOvbfB62i:erfrgZmA4mLUZqKxgJZ62i
                                            MD5:803AD903FBA5C564DB0438B9AF48CD81
                                            SHA1:1F7BD7E2D9724C63046E33325F6ADADF3AE6D0AD
                                            SHA-256:297A11FC65DE9CD84865A6A175EFB0ABFCA24BCA6B4AC275A6504CF030563495
                                            SHA-512:E64F7ECEA9DAB5571A3D4BD5FA854C78D6C0A2A128E1632D642EB5F35570E4DE898D20D447FFCB11ACEA6227AD999C3AA6B64D39EBDFE172E842FA5F2A56229D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.829864478406157
                                            Encrypted:false
                                            SSDEEP:24:suKc8strPQ/O6xS12HtxsdxyVJOSqR9vLqKsfVC2Kj7a8Vfjaf+bVIEEAl/4fB6b:suT8yoW6xS12NxsOeLbL9MCVV7rbVIEb
                                            MD5:F3AD73EA1D7B9102C35106E9576FFC8B
                                            SHA1:DB79B6EA687E2D493D79E1B3CCC746ED960270CC
                                            SHA-256:A345AFBE3EC9677E4109E77B8B316911BF5FC24A243AAFDE2671849A81E825AC
                                            SHA-512:C2049CB32EF0A502BED672D55767B01FA3A5660BBA397E77002A8F5A58CD8A3AC86A2EC6E7041C8508AADDA1A1297F87ABC9F3B69A901FB73C794D94C6A619E5
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.86818141124979
                                            Encrypted:false
                                            SSDEEP:24:UVXYnEVgR27rlktDNYXWB6MBc4XuFQJLMk8pnlyKH+r7plfB62i:QXtVg+yRTiQJLsly2+F62i
                                            MD5:848A7CB1EB4295782DCD7E10935A1514
                                            SHA1:EBED9504EE82347BAAEA5F229AD5E3941E052996
                                            SHA-256:18E19246435B16236233A9CE7F9CAA0E65462CE6908A6E830001E57F49ACE8D1
                                            SHA-512:F420ACE7655653859EAB9E27B15B3E2ED6A1CA4818FB3CA26CCA54C84AF410B69B46407682926498610D0D33365FB25EEEF65E94C99100BF6A000D332854ED37
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.851683342863796
                                            Encrypted:false
                                            SSDEEP:24:1Tx+dvCaP/n4pCSFGHFVEXbe/b1xErWHNEhHF1wRvV4LMoYkzaofB62i:1E6GFyXAbn2zhl1wRvV49p62i
                                            MD5:16B12A98DB7B91D131940AECBB999B0A
                                            SHA1:7EF9D0303FD850C6E28CE5774CF1EDBD058407D8
                                            SHA-256:5E91203C3A986CDCB1A0DF49E132EC609750A2072D6868A1AC0FC62574D2A6DA
                                            SHA-512:117212022961945756C9E5EF5B0F2B632F427B4B4DA6A2528D18E8E6FCA8467D61067AA61FAB667BB620A2B8FD8B05067FA6972AD4CAC3041A633BABBF7538A7
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.843155905903744
                                            Encrypted:false
                                            SSDEEP:24:NjjmUM3+jFE5oesigv9zelBca21T8xPrJ4EnMbghHGLkT4wfB62i:Njj2+KehvelBZoOeEqgh6af62i
                                            MD5:F96360ECA5B5AB3E00EF869D075D2542
                                            SHA1:DA2D3945780CCC4446F8A334572B308400BE937C
                                            SHA-256:53A40ED7641F0131A670BD7A2366D71D190F7AAAC6D5784EA8EBD669CF96537F
                                            SHA-512:DA322723826959B37D09B6940C556A7DD184161F4E6B2649B3F2B49761886CBB797769E8E896D7113E6DA842BF816B4C2214C8F5F60755A8CC5A9CE005C416C9
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.857305993897124
                                            Encrypted:false
                                            SSDEEP:24:i9OXEpjlP/O5/aHZQy1RSizFVpHDLYXKLS7Rqj/A2d8ebWHvifucRFANfB62i:iQXGJ/OsHZQy+iBHDLY6W7Eb1d8ebiKN
                                            MD5:CDC8036226AEA284E664C8389BA0B144
                                            SHA1:96792127932A5B59EC29D5BD41700A2952C88996
                                            SHA-256:C72946E0188D0CC9777104CD66F08A1C6577658BA48943F2866DC33EC6901E4A
                                            SHA-512:7F6FF490CFC5A10485612D21493C833310C0D1032241C1404DE6AD5E31C41941ED86F826015F3A12688DB2E5B09A8DE6D405D30173000B28F6F275605EF20B4C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.82660910941621
                                            Encrypted:false
                                            SSDEEP:24:PJ4cL+cVRp3K4bftikuWZNlAtedzurIt+NrNrXNpRUlfB62i:h4yRRp3KqldsEzSItINrXNpOn62i
                                            MD5:F63848095DA0814A8D03F5FBEB26A9E9
                                            SHA1:5EE92753F531944F04AA9323FA4E1F533EDEB9C1
                                            SHA-256:A2C993DBED2FF9EEDEF4A95C0BEE6E797B6BF37C2831BE717DA7C2F4A00601F2
                                            SHA-512:1B210D7AFF4E29DE02E47FD9110BE47EE1EED5E3F94335EFAB61A522226FC81F899C476621A0F1C426A2CAD7DE898E67C70706411455B8F7233B355CECA17462
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.850853320331403
                                            Encrypted:false
                                            SSDEEP:24:0QG+uKt9DLSolaTOuHLYd2i3wcc5CS7o9U2LGI56BTBb3+GjJRJC8fB62i:0OxnlaTlspwV5CMr2SI56BTdOwJr762i
                                            MD5:3129B990422F02134E9B8262C5B2E8AA
                                            SHA1:9D99BA064D90CEF9381B8EF1955AA0A8BAA528A4
                                            SHA-256:F0F7CA324A54308EF3154F3DC83B4FCCBA044A0B250A20F2DC9553F60A7851B1
                                            SHA-512:9AC902B4389CE79B75D97EDA58E1AD180B62964D0EAD4033F9AE3BF28ACDB4332246442353D443E657A15B81520CA4EF85F7A03B13BC40010EF326C892411967
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.839085109308014
                                            Encrypted:false
                                            SSDEEP:24:jSDNOcvIN1/ydGttfsCVQdQqDzBIrDEo0JVJDNtEfB62i:j6OcQN1/HfR6QqpKDE7d7k62i
                                            MD5:DC141F8D99BAE65E74D1F4A98375D2D2
                                            SHA1:6C9B5E48A6A4258D77215635F854C4597ABAF93B
                                            SHA-256:37DB5F215430FA05D2E9FCB25717B94FFBEFFFCB8F3AF16BFBFA6F77DFA802F6
                                            SHA-512:03D281BC9E65281D6E199F78C5BD851BE8B9687BD716A805966BCD55C7A024B8C17CA89393469DF106C2BA96F94C22FA7FA97B865B03CB505681F3A1C61569E4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.842566914958352
                                            Encrypted:false
                                            SSDEEP:24:rlKpWKLd8qiVwjnsXz4Y42tzcViprMABy6H4iOo+mZSAv0yfB62i:rlKpX+FV9jNtzcVirJBy6HzOo+mZSAvC
                                            MD5:2816C19FD1570DB794938237D943F563
                                            SHA1:7AE3B43A23889CBAC54963B28940C6980A48D391
                                            SHA-256:6969F1805BD0A42F68BECFDB7AE5AC42166FA294BA9DC97FDA5D91A9AF878572
                                            SHA-512:5EDF51C41F9EF6083F4E5319A64884CDB33D8DCE0337EF87FA3B60090D5371DAF0852F6C83D91AA210E454873957EE5AD9FC2D31477645B54F35758ABEF7AB37
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.85136710133081
                                            Encrypted:false
                                            SSDEEP:24:1wRgfNso2J5qhce4KBxP2GZ4J3J802k1dwW3UVslQvP9SelkARQi+UIQkmJ4fB6b:ie+Hc2+PXuOk1yW3NiPEAeyIQkj62i
                                            MD5:D98182BCF6AEE800C45958D836C30446
                                            SHA1:5F6E52053EBE1EFF948D8DB189FD6AFD293C16AD
                                            SHA-256:6D84D5F1AA129FF3D5E4B1137CB4B242E6F4F5992FE3A437172E673542F379C3
                                            SHA-512:527C8CA994B31A5567DD96A4781BE78BEBB7CAC8B8D9C6CED8D69409B50A71B40931A18BAFC895C9090175F51FC95DF1DDD60B73959BD95A3EFA65EB71216B5C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.844994508232224
                                            Encrypted:false
                                            SSDEEP:24:EOl9nHyBJ728DnDyuUvgauCt36L/TGhIvfB62i:EOfnJ8DnDtouq6LbuIR62i
                                            MD5:8336C3D91CF708ED126F19EA5A2D42F5
                                            SHA1:B257958A01A2C28997A91348371639CF0A4908FC
                                            SHA-256:BCE8DCD349B72528507411884ECF04D0C2EFA53C9E128F574C895BED813D8EA9
                                            SHA-512:45BEF06F70F66A3CE1F78FACA7C28F9CB93252147FA8C639B5C17EA763E135C810B81C91130C7CE07D1B50889D3E636992BA087EB9B36F6E0D7627B733E1F8E8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.827141445037173
                                            Encrypted:false
                                            SSDEEP:24:AygbYtzTUHzAnDxCFJ6ccv/FEwOsohOLZiZRhpxBwWlRsNKfB62i:UbYtzu6DkFJ1cv9Ew1GJLT62i
                                            MD5:BB155299AF7166CEF2E8C49F1FEECBC3
                                            SHA1:58ED9179DCDEF679D37BBD8C905577F21F709C6D
                                            SHA-256:1EA9C1EA64B980F6300723DE01795D711D8AAC12DF7F7088CA788658EC229519
                                            SHA-512:6D136AAB1E37878D4F28D6DA78164A36E8EEF17D4B596C8F47D73D907009063B204E4CD14CB40C219FED861F715F5FAA4739400C9DACA7665D32A1DD8B673BDB
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.84821408576791
                                            Encrypted:false
                                            SSDEEP:24:b6KaBfFPzkV10va2RUP5ocUHbFMYVE7YeDyJNsNqcfB62i:XEeV10y2RUObHbSYYGNts62i
                                            MD5:8CC0007987DC405E2CD4C755388A17E1
                                            SHA1:385EB8690520551C64546F25EF301043F65E3FC1
                                            SHA-256:C21902839B24A17ED62594F09CE583F1EC8692744599AB088687DEEE4F9205BC
                                            SHA-512:4A7072A924C89902F7958C0E71350A2A8F20B6D23666F8E006EE1347A62F0E427ED11F68C10EC8502A6B3C719A3B553BD81E4C2B95BA6ABDF592F810498F48BF
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.8312026668858605
                                            Encrypted:false
                                            SSDEEP:24:T+CjU92XXdipSSphla34cKyePU4InjcOwDBC08mXmKq5ZfB62i:T+CGwNaHphrfPU9jcOwD4DmXvK62i
                                            MD5:663FC7CCB41BD01D6069E69A87C21966
                                            SHA1:3C4E8EDFECDE1977B180CA79901D7C2CDBDA9A2D
                                            SHA-256:A52232DBE08DEA8DD8642157BF641422C66E0CAA281DFAA45DE47BD2DA775F0C
                                            SHA-512:CC065FFC05843D8B9485DB96E76E9D7AF4853E5918108CF55907D073AAFBCC92B19A93FD25947B56404F414140E4671EAE7725E12134759BA882839A81D8CA82
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.850011668844236
                                            Encrypted:false
                                            SSDEEP:24:KILbFx49ZC/nmLemm+BDh/po56XylulLmd8w5DEfB62i:XLpx494vmLA+BD5658n9myak62i
                                            MD5:C3A4FBD0774F75655C056A9769F9C087
                                            SHA1:A6B8AD31237530A2E8A60558F9F8DEB063291C2A
                                            SHA-256:DF16C654F5D598BE4EC6A660F704F1E1FB0BB9528D57AA211328EAE45A289B07
                                            SHA-512:BFE4201C74C1921F99B797C4E34AB3F8F2D1F11F0BEA805B7606605335E399734D71AF8E760B97AF2747FF7BAA4635A1178CC5A2E627E5D37CF4616F6101E2FE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.846825261375484
                                            Encrypted:false
                                            SSDEEP:24:MDjMyik3mpwdMY9FNuE5BjbcHUUvPVRgYLUScI5I+C/UvlvGfB62i:MDxdWpNYTNu4toU6PV6jnY5vlvW62i
                                            MD5:9EC53BA316AE6226BF804ABA6E3D0336
                                            SHA1:C3682A5E97E1E80DA399506F60AE120553EF7691
                                            SHA-256:38BC9DB094E73987B619E9DAA80115FF1D589ECCE53038A99F15D2CD43B43160
                                            SHA-512:F39B8944CFC9DBE888EAC4308E1B2ADCEA5D5B8D26AF6F9CA4F354CC3E989C65AD1B87484C8B58A3CB10C0EF3C13EEF90B926D4B385B49C8B2A234A8A617F447
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.866223415222605
                                            Encrypted:false
                                            SSDEEP:24:2Tc6674mRlXp5oa1HowUFxJclbnRQpoTFKI1XFogyS7OXSfB62i:kcF7nR3d1IwYJcNWpoTFtFogT7OXi62i
                                            MD5:95646708CE2B815E5962C8372FCB797D
                                            SHA1:B643D1A8B37B17AE61FCB5CA3FA7B8DA9D91599F
                                            SHA-256:B7996FED9EBFB56D41BEBF1CA3F759C7083A6F6B3722413E61CD46CDBA0290E9
                                            SHA-512:2723707C96EFEDAF28A7E74B1A281EEFAD927C7AE322FB69A7437AE0DE11D1FFB9F038B8451A42B011FCAC3875CE07874B99EDF2CE9B5A9ECB518A668320DBC4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.850772634375799
                                            Encrypted:false
                                            SSDEEP:24:HG8YGgNtqgtjSkZ8OCzYrX9+OabVWa9fSg+5bjcKmXlq7SNyjDLsR+Q8a3K5Vo+F:m3Gg75j6bErMO0VFpatcXgkygRL3UVVF
                                            MD5:CDC7A155A4B736F029249796495BAECA
                                            SHA1:298EDAE5065A09B4D80DAE63332EDC47588F6ED4
                                            SHA-256:329FAA3DE57924657F5A6503E5C014EF998B64B19CC8FB98D0B3F83A8BC19E88
                                            SHA-512:9C0C6EAD01697FB8D7F01C0A1A26B20EEE51B780CA243C0504540116D1688465EB5D31056F52F2E5C90523F47984F04AD1F21F90BF8D64333F5C4F8601519A9F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.844016146157572
                                            Encrypted:false
                                            SSDEEP:24:cZET9A1qn8ve7FoVxo0qxvxjwMU89nQkOG8fdeM9llzUbD3C1kAFYtfB62i:cZg98vVxoTxvVwjAnQUYlYyaGYf62i
                                            MD5:51B61A49E94173F068C9E2E9482C24BB
                                            SHA1:72FEDE181010E14A82BDF2310EA2B01173AE712C
                                            SHA-256:D555703E3E1BC80FEBEF51C03B8875330F40DCA2630F49E3AF62C5693A147E9C
                                            SHA-512:E6E05887D41965E8EF4448AB518B6B017FD334104CF9D85CC89B551919F76F9E45D04FB13BCE57B343A544001261A6066C036BACB74976C19C552822D1EC9B2A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.822384924585611
                                            Encrypted:false
                                            SSDEEP:24:u+MlU5hogPwAAk8vd4VbQMw1Tf5tpaerX10wdBqoYvccARXk7ozUAT6fB62i:xd5+gPwAL8vdmb8THpa6/dBqX/Aq7oAq
                                            MD5:976530EBEE41E1B399857F4E037B4597
                                            SHA1:B924AEAD0474DD0FB0BAF2AEB9968D3A4D29BB5E
                                            SHA-256:63041D43E73FFADBB06C3531B8CEBB87D6EFD748B1AD0003E145FC900F4DE3A6
                                            SHA-512:98B74A7CD7461589DA1A03CC6A1C86815E5CF976687B923BB52639870CC2B53FC3231A778FBE54DAEA027B909005C7550338CA56F6FFF78DAE6DD559D67D08AD
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.833570862666139
                                            Encrypted:false
                                            SSDEEP:24:UfkLuBjE5UojYqt4hqDsFtCqwF+G9YkgV91/9gboDZTi+5FpxJWenYPfB62i:UtBohSb6FvyVXKaTi+9xJWenYx62i
                                            MD5:71DFDF2843FDCB3D6F9DEB5D573F19AF
                                            SHA1:1362CA02DE49C066DF9DBE564A937851ED21EC81
                                            SHA-256:61260D2D84FC5FCB7C3B0FC40193142E3EB57F4DB61CF7FBCE31263BF06545F6
                                            SHA-512:47D5B33CD61B7025F43F17A4FEA394487B3B0660B166F7CA8C664B6E89381E634DD955901016F75F14ADCAC5C24E7D7D146FD646ECC329D374C09AF493CF8448
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.856446293975047
                                            Encrypted:false
                                            SSDEEP:24:Qp/lDfdVqjxsrkzRoiLesRjrjY2lckgja0IZwvlxKkfB62i:Qp/lDfLqVO0lRLblcPja0IZwvqE62i
                                            MD5:A32D115BDC295BFF675016505B8B3FB1
                                            SHA1:D5112BC9201A254EE3528AE74EFD5FB935DC20B7
                                            SHA-256:2B90F6B9E0D99BA9DA07539F60FE7926511E0AD021063CF00EBBF4A41AD1A707
                                            SHA-512:16C6F5211AFC324F79BF94C0590E38FF3C2120928C98BDDDDED90767734C58509425FFD542D95BD6AFBC19AB50D158CD66370CCBC370D8D2ADDE4B6F91B2E120
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.859184325618642
                                            Encrypted:false
                                            SSDEEP:24:vfRr8PP9PLnlrdTZTHS9t0xElDXcuHQMbizdtvHKXZjtWcfB62i:XF8PvZTZTy70xy1Hxbi7HKpt62i
                                            MD5:4304FFB0A9D85B4BB217B66B12C43E71
                                            SHA1:AB881FF31F6029B70756FEAFE5A1E7C14117E97B
                                            SHA-256:802EBE6A343D062E2D4CD0BC3348EC6BE3290C11802D9ED33E133C2FBA394C78
                                            SHA-512:B3252C35656FD64A0C0FA44C59BE56F602B5678A2815EF406132E9322FAF5340AA1EBE9202BE40CAB7FC8D41C54D7A1893BD418C8FF7D1819B7EABFA5D2C35FF
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.840911912751659
                                            Encrypted:false
                                            SSDEEP:24:hvEpooum+rtLJHfUeOQUuUde43IfwFaGoV3DKQ7CIZTe8BD8gxnWfB62i:+Ooum+9J/+PdFSwZoJPFD8glm62i
                                            MD5:2FC9517DC9796DF5C7434B925CF5103D
                                            SHA1:77B2E1C5DB7EADFBE03242D0AB5A0CD3FF8A31C7
                                            SHA-256:13CC3851C1CD2246D89352376F93BDDB67E08C05D24F7FFAB525C7C0575AC677
                                            SHA-512:320C41B470C3A55924438A29B6EB8D746A3A5933D8D8D655F19D1ABE3273BA41B089C80475312539672ED68FE7779ECBD0A7EA42C063A60653A2F6348385057B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.861989631203601
                                            Encrypted:false
                                            SSDEEP:24:lNvs5iU+6fIR4lolR7rJBCUfcrewjILoa2xEClY5PC65uJpsAhw6fB62i:Pvs5UdxVBCEwZaGr+5DYJhD62i
                                            MD5:15390CF4738F966995F3F962D473F350
                                            SHA1:A563DF5831D7185FD76DA569D4262BB06E2D4340
                                            SHA-256:30FBA3CF32CBCFF11CEEA55F39A8D4AABDE5CAB317668DE34BB69FA064E73A7F
                                            SHA-512:618B2418D643BFA83385F78A363E2ABB6AE8192068AF02BD11A43843623984DF69E3099DCDECD64C11CB4D7DA7AEC43B749495293554F3446DFF14EE6B097F62
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.865309633425639
                                            Encrypted:false
                                            SSDEEP:24:dwPMBcW3ahiGLUNwCYDInKeZgZakSxj17YJGj+JwBnL+sM8llLPfB62i:dqvSBwCYk/Zaahj17YJo+aBncAFx62i
                                            MD5:162D87BAFA7C01C87A882CD39BFFA473
                                            SHA1:AC4F62200F09ECE44FE5CFD2651563CB5F7692F9
                                            SHA-256:300032F95521FC88C1B9AD3145CCAF5AEB05F498AC2C1A8015C3380FD2958277
                                            SHA-512:E207A245226C9A96210AA780BB9DEE3FCAB01BECF5A5DCEBAC4B1D0262BF81821FFBE77F297716B92A8085F82B31633A629EA4A57845D2691E548F64F5588780
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.844020115769643
                                            Encrypted:false
                                            SSDEEP:24:+nzKuPY1iMSFUQN+1zS3F66x8E9dcv4boq37A5HKLLrfP2fB62i:+nzKuPY1ZSFC1zS1hE4sqs07u62i
                                            MD5:3FE4C1CA1C537590200604B9D9DA173E
                                            SHA1:5C829DF5A64B4A6182350679E2F77229CEFA8FDB
                                            SHA-256:CC9C7A708E3FF0925D557187CDFEA89852BC31B85A6B485D0291FB65E39800C0
                                            SHA-512:E9C99ACAF845953F3A2BA8F3AB7108396B101978B8208DC68561FC2F9FFFA121A8B5D73EF90B04AE1BA1EEC8F051EDBA52B2AB5E3139B5E4A788227FDE1933E4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.833548670401524
                                            Encrypted:false
                                            SSDEEP:24:FnIl3wrDjH1wfTtz/nMLdQWcF/84OaO82pMHMABIq6OOGbkxY4Fl3IR04fB62i:FIZ+3Vw7tz/OUK4Oan00Bv6OOUk3FlOc
                                            MD5:6CAF620E6553E724AA13C0AE61E35216
                                            SHA1:D3ABB1E3D5DAB7956BBBF1E1F727780BFC64B397
                                            SHA-256:67471A33BF1E679DEBAA1D7FA1817E6EEE604213DACC86CD6A7159A15781567B
                                            SHA-512:B32DCE700E5901ECA00ADA962EA6EED855633CFC0F8372F0ABD2AA0FCD0F3E8440AB4ED9F26FD48660F210CB366E713AFA6C9DD9BEDC62302CC19DFD34E0DA48
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8365741177215815
                                            Encrypted:false
                                            SSDEEP:24:coPmBChFM7UAeAx1ViFS1x5b2BoMCaWQ/GDVJtCmGyHVk0HwmNKLMB5y3MG1F4fW:coeBKFM7UAeEAFG5b2qHaWWGDV/t1rQb
                                            MD5:32A2DA045EC7D6C0923100DD6D6F1759
                                            SHA1:597C5F12DFF6E0F93A2B7765F7429EE397F57D06
                                            SHA-256:C397846AC97C0AE6B5F5E74CEC444CD1D1FEB704EFCC92D02FE5C1072CB5E7BB
                                            SHA-512:F3C492D99481DA7651CB165B139D2315D6F114E0DEAD31313EBFDB0868546C99AA7E8C0F8A3123BC65D08A98456B1C26A2979EC9A0E04992D9249C01460DE69B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.852879936345027
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.879205573237802
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.880199756784581
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.837853513841471
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.825389559109528
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.833874242522172
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.851126783527286
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.852121340842886
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.852215877769082
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.837839049006343
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.8432303312912355
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.8537790024989445
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.815799371928669
                                            Encrypted:false
                                            SSDEEP:24:+jLxmQzUVXDmJkleTqKCPbmi4N7nnQKEx0bFbNhT62fB62i:yLxJIzmMeeK4bmP7nQKExabNh2G62i
                                            MD5:3573925B760A58F7719F6D7208EED0C9
                                            SHA1:CBE5DB44218DD27706086BBA069DDED116F54AC5
                                            SHA-256:22863EC618EDC7D4D7C581E2CCF821E5054A8448B5124F24E45FDC97E96BDA88
                                            SHA-512:324FBEFC1575575A057D7529F3168B7EE2538A91E189CFA0660907FE7DF9F7B059175223B22B7FB29BA14042133A8552D9FABE7D873507FCA7B24EBAC2F3B65C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.838986007998514
                                            Encrypted:false
                                            SSDEEP:24:IQGxGWgt3fVeUDoVU6c8QOIJKSmeDeK0Rhe7EK6MDqaVKXufB62i:IPxGWg6+6dQzJbtDeDRhsDqB+62i
                                            MD5:22FDB4FAD9E6D93A8B2CE071A8ED95D7
                                            SHA1:8A7D64D42980FC7B4A728900CC1924A9DD0981DD
                                            SHA-256:8000A0CC48A3ECC9276A6FFAE20B4C5697B28A6529919332117BC5AB60FF69D1
                                            SHA-512:8CBC58657842CB40380CD748D45FF817BF59882E436F09F432BCC72261D265A1CC20349C93062B928CE835CAACB2321A47FA2040AB6159BA52A1E84A3C1F9FC5
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.857727897529752
                                            Encrypted:false
                                            SSDEEP:24:z1z393tdDFRehESez6N8F7cBm8vqy2XLv5hI6tZx7fB62i:z1z39/DbeJjN8F7kSy2XgWZb62i
                                            MD5:65FBEEF282C1104F0B8E2A33BF7F0C91
                                            SHA1:0043A50E8F5E9613DA088327DC9426C2DAC1C07E
                                            SHA-256:936817389E3EBB57786E228529A74005256FCCB7277429E2CABD4EE8CD038E80
                                            SHA-512:2B9B575F9C1EECA123C6B8842BB046C723C7B22B36BFBE97743BE418F5782EDB3FE17197F2A47D871E34F1CC421E9E7CDB3D91E0D240634E038F85CCB60FC8B5
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.846293487049308
                                            Encrypted:false
                                            SSDEEP:24:5QkrJNbjcg1inIsVqvI97YTtUyKVlWxTpgzT8ra3qNNR1J6lrQaIf2EfB62i:5PFxj1snIs8vqYTtUyK/Wxakra3ql1sH
                                            MD5:CC06CDFE06ED7191452D0C5F026A6486
                                            SHA1:18586A738535B9AB5D90672F80126D268C526E79
                                            SHA-256:81C1C7A25AC5221F9BAFF5B2FF3F81B4C441D0645DFB891B0B472C29F4311D5C
                                            SHA-512:45FEEBA19FA09713053685BFA116026A049A75DBEAE9C89BF096E10A1E3E9204F935D29A242FDE357EBFA9C78A514D0974F944E1C5FD1E24BC91157F550704BF
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.823037486694924
                                            Encrypted:false
                                            SSDEEP:24:ZWCdCE/3AoYxf+/5B3Nf/PG8mA+X0pwOYB8eSqJjmc8y9/IcyeRZKfB62i:ZW+CEIPfKRm8m7XvZ8FqJjV8y9/IcyeB
                                            MD5:B30FB035D86113D4E2C5E9B105FC2166
                                            SHA1:0E750CCFA06209BBBC0103746B99BAD542ED6B11
                                            SHA-256:CD0AB3D5BD7253E7978F58B359BCA9849976F0F5066740AD8CE385AF373FFBE4
                                            SHA-512:129088128DEA522E78FBA32BEC3083A438ED293C9406F7AAE28BC48BE87F302C573D8CFC9B71647D019613CB42D6FD1B2934C7CB4C7EC88846D00F142A05D15C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1274
                                            Entropy (8bit):7.8398694626299115
                                            Encrypted:false
                                            SSDEEP:24:leEkUPHAu55mjekTo2uq7L4nkhaY1fmoBxCTs/lkoSGy7Wlm1SuaLontfB62i:laKHA2mjxG2YYakuuCT4GobqSncf62i
                                            MD5:F3635EA6F31A0C423F1CF16568D5B192
                                            SHA1:8D77A732A38F5E123AFA2748C5A238BFCB78AB06
                                            SHA-256:E29AC77BAF99AA87BB33F349F5EF104F4522708F36E5C20278CB10F8429DF8AD
                                            SHA-512:73A9C463174978CD61C8E99ED833431CA161F663EC2E5E4BFA11F0512E20D59E7482BFD7616E883B45C60D044B908D5A060F6E1D8EE0FBAF5993A3C5F088FB92
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.8080960286969
                                            Encrypted:false
                                            SSDEEP:24:VoJlccqzXgq1K4peSa2+7JC3igLrAk/py00/frttfB62i:Wlcz+4Xa1t8rAkS/fp62i
                                            MD5:A44382EBC9CC88FFDFC5735B77536476
                                            SHA1:41651A769A22F9F60BFA3C02E66BB820EB4D4E17
                                            SHA-256:E8F33A23350E5D140F261DA48CB4CA596CD2F1E45518C759609E193D42383388
                                            SHA-512:0A0625F483098D15752D46DC675F32D41B43F806A22138E9DF2FBC97A51B80656EBA40E8BB4DCBD61B15B2A06578AFCFF1DE9A9DF67665D105E82B8179D89C02
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.831566229360401
                                            Encrypted:false
                                            SSDEEP:24:qMxaTF7BK4VHAtkRWQZkcZTw/fli+wgcpOxFD9zTbVZHST56k/nsfB62i:jxaTFV9gqjZHZw3qgt9VZHYZ/862i
                                            MD5:1EA636010BFBE6E852827643526D5C60
                                            SHA1:2F061ECC4D06FE15FB3954852CCBDDF6BEFCEC53
                                            SHA-256:1E7E871A0E0F0923CECBB3926E0C1BA36FCBA4E7157F54309E1ECDE6F7090ADE
                                            SHA-512:7AADC0ED65332AB18CBB7F8EF4E3099C58D296F8F5A0EDC12F7138189D1B97C06885D6B2F6313AC5799D8E8A0C44E53C236E1DEF90038B7B65322F8D4119D832
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8393002370357125
                                            Encrypted:false
                                            SSDEEP:24:Cp54gZaUetAdSkW8Eywb2ekPbaFP8s5k7DD7fB62i:Cp546yANTJw6ekPjt7DDt62i
                                            MD5:3E91630762D8A941CE248110CBBDF790
                                            SHA1:1F013B118FB398AC4D63596B018D42FEFAF1000D
                                            SHA-256:72C5CDF0782A2220743BF5BCFB4A70F1D4EF2161AE6E155E59232EB27EC6467D
                                            SHA-512:D3A0AF4C2C077EA4C12942A065D0EA57752EE275466BC80F7155B702E271CC7F66950401DC77C0CB0F954661ECD4FF071E904B99E187C559CEE56B4CA28F9FD8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.840166697299349
                                            Encrypted:false
                                            SSDEEP:24:Tw2ZWYcPv7fNKILBtzWw3YOWexH4wZFdhXLHvdM1pJklfB62i:/av5K2fKw3TWeNlR+/u62i
                                            MD5:ACE57AAE72D97F612D3847D852122336
                                            SHA1:44AE972CBAF3DC4BC23691C94391A80DB024C955
                                            SHA-256:23B0461BC43535DC2B9A5751FFE9DC082847BDE99C237064D9944C2B6A011DE3
                                            SHA-512:2BE0E9982E6CEF3D21869DEC3DC22F6FA29C7AE38CF000E80BAD5F41A07FB35DC2EDD6A2282D119307380C3BCDF473A517609CD15A4B7D1041A8CA98C97975C7
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.833765111340429
                                            Encrypted:false
                                            SSDEEP:24:px6gsZpVImiwiZ8kHK0Wt5ql/GwWMUTR3VL7eqfB62i:LsSm8ux/5kWMUTtF7H62i
                                            MD5:365E6563DEB80B0C07858489A8531F70
                                            SHA1:D8C4898F3B1350A176F9FB1367BB025D6D31B740
                                            SHA-256:A18A77E9F575E55034738CB6CADD1A87D897A5CF4003D965E09597EE8640E4F2
                                            SHA-512:98EB58179637C5D194F259F6FC0F0E54A1B390CBD6B5FC02349D286031DE457FB675AE7A912C8DF1B34D32A17A4ADFE884C5B7D2289563B22FBD0A7CA754BD19
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.853313741780736
                                            Encrypted:false
                                            SSDEEP:24:c6suSmNiVHC4GVbP7mOkt8us4cPsfa04QxPKtzkdG10HZu7gMe+4fB62i:c6s7lC4qb7mOI7cER4QmcG1Au7ze162i
                                            MD5:BAA4A75A9CC761D2297020AB2EBF4605
                                            SHA1:EBD88E2CDE94088D82A4B37C3EF715553171F33D
                                            SHA-256:7224CF09088179F3F2D6FB54CB4E61E4EE9074738439CE96E60ECA7AC091D7DB
                                            SHA-512:D87F7EE5768FEF2F788EABFDBE8696C1F53C4B5B76EB7277F46FC2A3A17E8E70F342050BBAA97954EDCBF86DC2B95FFCBD69517D3C1C7BFD7ACD337D1526BF64
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.8446922882543735
                                            Encrypted:false
                                            SSDEEP:24:9tFJxTTR/YK/S8CakJS/4H2etl7qq6nC8w/rXuYEaSM1K4fB62i:vFfpf/7CN0/4jl6n2rnS0Z62i
                                            MD5:0E0CCFE274E0763E76E9F815A623987E
                                            SHA1:2BBE7ED013DD2C770D1198DBD0407B16ACCCE892
                                            SHA-256:5E0C33F22426CF8AE4206C6B70F96C4958E5A758D9A565B28B95CB75BD5F9B9B
                                            SHA-512:CCB2F28137F36B2B53AA353E7BE401CEA5523F38EC3EECE80570C0DBCFB5AB346B3A8A7D8BF1ACB5798B73C1B097B1B4DD6EE4F863B3E82A0810E377DDA9C728
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.825944149786015
                                            Encrypted:false
                                            SSDEEP:24:ucwmMxFn/rzhuvOoWynTvTpSrnZBHPhB11JtV0fB62i:ucw3n/XqTbnTlS/H5BVU62i
                                            MD5:0DED3E2CE3E137697069A5EA38EA4A48
                                            SHA1:C77D47F94C7B3D6D9DA5661575E1C6BCCCB487B7
                                            SHA-256:669A53E9BC309DE64BA47FBB4B5DA262576A1DDBBFC56F2F4767E28D76750201
                                            SHA-512:FA34E52123C05934EE3E3EAB77EAD074EA0F250DF5779D541C07BFFD0E630B61ECE8B38E939E09187BF9DC374F4F83A3F24AEBF005BF85949A2425F15F595C3B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.832885260950089
                                            Encrypted:false
                                            SSDEEP:24:hnRrBUJrKgUu3+lbnuzToAOKiXRTBIb0s6ugQl1oxxA8p4nQRmq4cfB62i:hlqpb36uzToEQsJgqGx9UEm662i
                                            MD5:2433439014BF5B8BACB68F8E13B14499
                                            SHA1:2AF121EAF5DB2AD57199F1F98A2B647147E956CE
                                            SHA-256:2F5ADE56CF96BC035F24D6FDABBE5D7880238FEE9634BFE01B9AAAF39C17CBA3
                                            SHA-512:6DF5BFA2A49B45F748AC523A69F6CBE3D01A17FE04CC8483D0B2A36A509E79AE2C7B452F7A80A5227C5F5CB8608728979DC10B5F7BC7DBD9DE4EE637A4F396F2
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.83030488181992
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.864926115687985
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.840798821224363
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1270
                                            Entropy (8bit):7.872341914422633
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):350
                                            Entropy (8bit):7.27739243501186
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):443
                                            Entropy (8bit):7.5244377849798605
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):355
                                            Entropy (8bit):7.3634035341923365
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):347
                                            Entropy (8bit):7.421468644965853
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):344
                                            Entropy (8bit):7.373382969896646
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):353
                                            Entropy (8bit):7.348113016345659
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):349
                                            Entropy (8bit):7.394977058780537
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):350
                                            Entropy (8bit):7.366709934808544
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):356
                                            Entropy (8bit):7.363640717395941
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):350
                                            Entropy (8bit):7.374986397755441
                                            Encrypted:false
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3113
                                            Entropy (8bit):5.07613195015726
                                            Encrypted:false
                                            SSDEEP:96:sW0YHo/AHJmubKS1yx0TydEminWKwsHLq5nPAvYzmlxSU/3vS:sWbwub300PmuQYG5nPuYzmlxSU/3K
                                            MD5:1A3D00C7A093D0D59F609385990AFB16
                                            SHA1:3734772666792527244B908486391D35E7880CFE
                                            SHA-256:99A27363A35F2D0933E66298B3D80F07E30C130E3DECBF4CFE8514726E5A4E9B
                                            SHA-512:68678200E6340FD97E39545DD0B5271E10BBC2CAB9E2BBE31891B16DF07A29733BAFE0A1E50F58116E158B6DF7A266EC80578519C32FB8264A686E3C8205DA71
                                            Malicious:true
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):497
                                            Entropy (8bit):7.607431425988774
                                            Encrypted:false
                                            SSDEEP:12:MGRY4TPOQ1MXhuTMeDnBEcUlx6qaTVPfkFi62i:HRYSjaFJaTdfB62i
                                            MD5:C0C7A251AC403D239D659EEB607397C7
                                            SHA1:3BBDC6B32EF59A714A9E07971201C98D6591DA92
                                            SHA-256:7DA5BB2091926D0FDF2EFCE290CE89ABBE57EA70B46B71F0DD1DBDED67B02598
                                            SHA-512:FD18C88F9EA21592C4A948AFC51FD2C80BBC1E08E5F73E7632D721A948D573FE0BC0C8E95FF5943E5922BA90F8644D4311A61A6B3BF2D45F3B5485C3258ACD0C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):511
                                            Entropy (8bit):7.572751645648961
                                            Encrypted:false
                                            SSDEEP:12:AlN/sDiiC0bfFLmvUXuhLr2KGoPfkFi62i:AlN/d5UXKX2v2fB62i
                                            MD5:92C96038FC5132FBD27E4CAD5C4A3420
                                            SHA1:DAF0CCD721372B3E776D50F5975CAE0A567B8DBB
                                            SHA-256:1E87E6576A31F22B8C0B934EA2884CA288DD6769EA90242B3428B5B1F7B4B4F8
                                            SHA-512:B53C93B2C9002B5B3EB87AFBE68D389951CC4AC96FCC0709C4FBBF794373E5C4781AD3A7515E351FDC9B21D17FB1B09491B897BD210AF091090B82398EFF7D5F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1174
                                            Entropy (8bit):7.8342438000163455
                                            Encrypted:false
                                            SSDEEP:24:2V93ttkg9f+yv0+ZYlGjVGIsN9p1p4DhGVtYM4Gt8XgJfB62i:2VCsD0+wGRG/l4DQL1cgb62i
                                            MD5:340E759A9AF032D66E7DF4C0E169DB4A
                                            SHA1:21BB3DD543113F0C59742F4991B0A2E84B7AD889
                                            SHA-256:D0CBC918FD19800FC90512528CC167A8BCB92DFB3338E6DC115840CEFA7CBDE3
                                            SHA-512:7C306EF457352D0DB857C95214C073E33911C93735B04D21A989C1C5436BC16242662BEF61A2651BFBC15913B7F8E88131B129377A7848F9EB88BDFDCB08E694
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):239
                                            Entropy (8bit):7.086772979402143
                                            Encrypted:false
                                            SSDEEP:6:psPmQcYyOdTSoibhStr7PttkFi6ksI1AN:6bp67VcPfkFi62i
                                            MD5:D7A8ED7F6D3A7903D9126151D7114F23
                                            SHA1:250E2572D4533AA6F3528E227ECD8623CB24F145
                                            SHA-256:E5370FA7B0D1C6F49E07C50B8E07DA3DDAEC30B3C0CBB6116620743CD271782C
                                            SHA-512:D0000AA94E81EF70AEF18C8D197A2B24965745D35BA078D3CCCBC7B795078F7F5D09B4D2CC53D168AC2C0BA7A340C916CDDDBFAEB742DEF7A11BE96BE8C6A6FE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):64
                                            Entropy (8bit):3.70220859334435
                                            Encrypted:false
                                            SSDEEP:3:/Dllj5I2Y1Andkdoll/l8FRR:/DKGdkd4l/KRR
                                            MD5:7298B2EBB9173730A2A8CF7B56136EB3
                                            SHA1:95D5D888607F1FE7CA4BA80567D93000D261D8BC
                                            SHA-256:4EEA94F55FC711B3A8AA94A3431198ACB04DD020FAE2D4EFB553219C8E7CAB98
                                            SHA-512:C96746FE5A535C063A1D1B3EAF1CC2E6F290FA3AFE5BDF64B536352423F50083094A42A6C0D39783AEDE85CEB4011E18CD0C3F6B1E2581C188BDB533B53AF81D
                                            Malicious:false
                                            Preview:....9.1.0.6.4.6.....\MAILSLOT\NET\GETDC8861A807............ ....
                                            Process:C:\Windows\SysWOW64\cmd.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):22
                                            Entropy (8bit):4.277613436819114
                                            Encrypted:false
                                            SSDEEP:3:otl/fvn:otRH
                                            MD5:7DB02CACA384B10B0651A0B397FB772F
                                            SHA1:9DDB0E3A616B7A696B5FEE431A0E33F7712FF384
                                            SHA-256:0E5A2ABE3F237172C763FA57478DD9693871A1A34DDA7036DCD3CD1D11E36327
                                            SHA-512:8CC4B4FF5DD1559F8B726583B3D7D707D9FABFA3C32BB410924B173D2819C58B440287FF3F659C40EDA93CEC811C45C1B8FD75CE7CB5367D2E9C5689D23ABB61
                                            Malicious:false
                                            Preview:C:\PROGRA~3\B875.tmp..
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.101781664141255
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:ggjLV4w8Ya.exe
                                            File size:164'249 bytes
                                            MD5:9251dd806a703d4a6b388e504e5020f3
                                            SHA1:a9c78679a7effe14bac6b0fe440af504c50d7d1f
                                            SHA256:83600bb9bb3eba4ca5d64a300bcdb8bc9c988570f5acdb6aecae77f4f75d2e68
                                            SHA512:f67f5f44ef17128b575608c4a8eddd76af172ebee276c752cb7a6e149cc244e0df81166bab52435f3a1db26b42f2d141e1aa338366a81a616792a0a07b110862
                                            SSDEEP:3072:kDDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP33682wa9h+f2s9L6AsW:m5d/zugZqll3a5OB9L6
                                            TLSH:FFF37D21B112D537CA6634F5A729B3B0738A5E2C13A86463FAE4CF4B35B38236F15947
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e.b............................o.............@.................................N.....@...........@....................
                                            Icon Hash:90cececece8e8eb0
                                            Entrypoint:0x41b46f
                                            Entrypoint Section:.itext
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x62A4657F [Sat Jun 11 09:50:55 2022 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:5
                                            OS Version Minor:1
                                            File Version Major:5
                                            File Version Minor:1
                                            Subsystem Version Major:5
                                            Subsystem Version Minor:1
                                            Import Hash:3bc510de773c954bd69d33670cb624d6
                                            Instruction
                                            nop
                                            call 00007FCF98ED2430h
                                            call 00007FCF98EBF63Fh
                                            call 00007FCF98EC2BDAh
                                            call 00007FCF98ED02E9h
                                            push 00000000h
                                            call dword ptr [004275C0h]
                                            call 00007FCF98ED1C4Ah
                                            call 00007FCF98ED1C39h
                                            call 00007FCF98ED1C40h
                                            call 00007FCF98ED1C35h
                                            call 00007FCF98ED1C2Ah
                                            call 00007FCF98ED1C1Fh
                                            call 00007FCF98ED1C14h
                                            call 00007FCF98ED1BFDh
                                            call 00007FCF98ED1BF8h
                                            call 00007FCF98ED1BF9h
                                            call 00007FCF98ED1BEEh
                                            call 00007FCF98ED1BE9h
                                            call 00007FCF98ED1BF0h
                                            call 00007FCF98ED0785h
                                            call 00007FCF98ED0780h
                                            call 00007FCF98ED075Dh
                                            call 00007FCF98ED0770h
                                            call 00007FCF98ED075Fh
                                            call 00007FCF98ED0772h
                                            call 00007FCF98ED0731h
                                            call 00007FCF98ED0726h
                                            call 00007FCF98ED0739h
                                            call 00007FCF98ED072Eh
                                            call 00007FCF98ED0723h
                                            call 00007FCF98ED0736h
                                            call 00007FCF98ED0737h
                                            call 00007FCF98ED0738h
                                            call 00007FCF98ED070Fh
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1c220 | 0x50 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2a000 | 0x1128 | .reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1c110 | 0x1c | .rdata
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x1c000 | 0x60 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x1000 | 0x1983c | 0x19a00 | 77f1d0aea9e9462b32efcd4d44dfc4c0 | False | 0.4443692835365854 | data | 6.632719440409723 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .itext | 0x1b000 | 0x518 | 0x600 | 20ecbfcc87e53c78ea8ce9c0dd66c6bc | False | 0.234375 | data | 2.7807255627049052 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata | 0x1c000 | 0x43a | 0x600 | 9ca82a61ff7ef48f91aac3b0abfa7802 | False | 0.3372395833333333 | data | 3.2050103933604612 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data | 0x1d000 | 0xadc0 | 0xa000 | 41677eceb4ababcf1063f3940f29ccf8 | False | 0.98271484375 | SysEx File - | 7.985888297865948 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .pdata | 0x28000 | 0x1490 | 0x1600 | 84e375653c841c67f8057865eb95b9a6 | False | 0.9456676136363636 | data | 7.767392554696095 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .reloc | 0x2a000 | 0x1128 | 0x1200 | d1fc67767f0df03587cc49406db85585 | False | 0.8107638888888888 | GLS_BINARY_LSB_FIRST | 6.62355195676201 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            DLL | Import
                                            gdi32.dll | SetPixel, GetPixel, GetTextColor, SelectPalette, SelectObject, GetTextMetricsW, TextOutW, GetTextCharset, CreateSolidBrush, CreateFontW, SetTextColor, CreateDIBitmap
                                            USER32.dll | LoadImageW, GetClassNameW, DialogBoxParamW, CreateDialogParamW
                                            KERNEL32.dll | GetCommandLineA, GetAtomNameW, LoadLibraryW, GetFileAttributesW
                                            No network behavior found

                                            Target ID:0
                                            Start time:21:18:53
                                            Start date:24/05/2024
                                            Path:C:\Users\user\Desktop\ggjLV4w8Ya.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\ggjLV4w8Ya.exe"
                                            Imagebase:0x450000
                                            File size:164'249 bytes
                                            MD5 hash:9251DD806A703D4A6B388E504E5020F3
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1626358209.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.1612140330.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1630051832.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1614811292.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1626224489.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1630834157.00000000012FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:21:19:03
                                            Start date:24/05/2024
                                            Path:C:\ProgramData\B875.tmp
                                            Wow64 process (32bit):true
                                            Commandline:"C:\ProgramData\B875.tmp"
                                            Imagebase:0x7ff7699e0000
                                            File size:14'336 bytes
                                            MD5 hash:294E9F64CB1642DD89229FFF0592856B
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Antivirus matches:
                                            • Detection: 100%, Avira
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 82%, Virustotal, Browse
                                            • Detection: 83%, ReversingLabs
                                            Reputation:moderate
                                            Has exited:true

                                            Target ID:8
                                            Start time:21:19:56
                                            Start date:24/05/2024
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B875.tmp >> NUL
                                            Imagebase:0x800000
                                            File size:236'544 bytes
                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:9
                                            Start time:21:19:56
                                            Start date:24/05/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff7699e0000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                              Execution Graph

                                              Execution Coverage:19.2%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:17.4%
                                              Total number of Nodes:1727
                                              Total number of Limit Nodes:9
10071->10075 10072 4586d0 RtlFreeHeap 10072->10071 10076 461ac7 10073->10076 10078 4586d0 RtlFreeHeap 10073->10078 10074 4586a8 RtlAllocateHeap 10077 4617c7 10074->10077 10075->10073 10076->9742 10079 4586a8 RtlAllocateHeap 10077->10079 10077->10081 10078->10076 10083 4617e2 10079->10083 10080 46106c NtSetInformationThread NtClose 10080->10083 10081->10071 10081->10072 10083->10080 10083->10081 10084 4611a8 NtSetInformationThread NtClose 10083->10084 10085 45d1e0 2 API calls 10083->10085 10086 4586d0 RtlFreeHeap 10083->10086 10452 458844 10083->10452 10084->10083 10085->10083 10086->10083 10456 45ecfc 10087->10456 10089 45f862 10090 45f98a 10089->10090 10092 4586d0 RtlFreeHeap 10089->10092 10093 45f998 10090->10093 10094 4586d0 RtlFreeHeap 10090->10094 10091 45f859 10091->10089 10097 458c4c RtlAllocateHeap 10091->10097 10092->10090 10095 45f9a6 10093->10095 10096 4586d0 RtlFreeHeap 10093->10096 10094->10093 10095->9739 10096->10095 10098 45f8af 10097->10098 10098->10089 10099 4586a8 RtlAllocateHeap 10098->10099 10100 45f8e5 10099->10100 10100->10089 10460 45edec 10100->10460 10103 45a0bb 10102->10103 10107 45a0c0 10102->10107 10104 45a739 10103->10104 10105 4586d0 RtlFreeHeap 10103->10105 10106 4586d0 RtlFreeHeap 10104->10106 10108 45a747 10104->10108 10105->10104 10106->10108 10107->10103 10499 462968 10107->10499 10108->9765 10110 45a11d 10110->10103 10111 4586a8 RtlAllocateHeap 10110->10111 10112 45a1ff 10111->10112 10112->10103 10113 45a217 10112->10113 10114 45a231 10112->10114 10115 458c4c RtlAllocateHeap 10113->10115 10116 458c4c RtlAllocateHeap 10114->10116 10117 45a221 10115->10117 10116->10117 10117->10103 10118 45a264 10117->10118 10119 45a278 GetTextExtentPoint32W 10117->10119 10120 4586d0 RtlFreeHeap 10118->10120 10119->10103 10121 45a292 10119->10121 10120->10103 10121->10103 10122 45a32b DrawTextW 10121->10122 10122->10103 10123 45a353 10122->10123 10123->10103 10124 45a48d CreateFileW 10123->10124 10124->10103 10125 45a4b6 WriteFile 10124->10125 
10125->10103 10126 45a4d7 WriteFile 10125->10126 10126->10103 10127 45a4f5 WriteFile 10126->10127 10127->10103 10128 45a513 10127->10128 10506 458afc 10128->10506 10130 45a535 10130->10103 10131 45a5b8 RegCreateKeyExW 10130->10131 10131->10103 10132 45a5e9 10131->10132 10133 45a622 RegSetValueExW 10132->10133 10133->10103 10134 45a64f 10133->10134 10135 45a6ae RegSetValueExW 10134->10135 10135->10103 10140 45b48d 10136->10140 10137 45b4bc 10138 45b559 10137->10138 10139 4586d0 RtlFreeHeap 10137->10139 10138->9771 10139->10138 10140->10137 10512 45e6e4 10140->10512 10144 45bab6 10142->10144 10143 45baba 10143->9720 10144->10143 10518 465424 10144->10518 10146 45be6a 10148 45be7e 10146->10148 10150 4586d0 RtlFreeHeap 10146->10150 10147 4586d0 RtlFreeHeap 10147->10146 10149 45be92 10148->10149 10151 4586d0 RtlFreeHeap 10148->10151 10152 45bea6 10149->10152 10153 4586d0 RtlFreeHeap 10149->10153 10150->10148 10151->10149 10152->9720 10153->10152 10154 45bc31 10155 45d494 NtQueryInformationToken 10154->10155 10159 45bc40 10154->10159 10156 45bd02 10155->10156 10157 458c4c RtlAllocateHeap 10156->10157 10156->10159 10158 45bd45 10157->10158 10158->10159 10160 458c4c RtlAllocateHeap 10158->10160 10159->10146 10159->10147 10161 45bd65 10160->10161 10161->10159 10162 458c4c RtlAllocateHeap 10161->10162 10162->10159 10164 45a7a1 10163->10164 10165 45d1e0 2 API calls 10164->10165 10166 45a99c 10164->10166 10165->10166 10166->9765 10168 458c4c RtlAllocateHeap 10167->10168 10169 463437 10168->10169 10181 463440 10169->10181 10521 463388 10169->10521 10170 463578 10172 4586d0 RtlFreeHeap 10170->10172 10174 463586 10170->10174 10171 4586d0 RtlFreeHeap 10171->10170 10172->10174 10173 463594 10184 4637f8 10173->10184 10174->10173 10176 4586d0 RtlFreeHeap 10174->10176 10176->10173 10177 463474 10178 458798 RtlAllocateHeap 10177->10178 10177->10181 10179 46348f 10178->10179 10180 458c4c RtlAllocateHeap 10179->10180 10179->10181 10182 4634f5 10180->10182 10181->10170 10181->10171 10183 
4586d0 RtlFreeHeap 10182->10183 10183->10181 10185 4638fc 10184->10185 10187 46392a 10185->10187 10524 463704 10185->10524 10188 4639bb 10187->10188 10189 4586d0 RtlFreeHeap 10187->10189 10190 46317c 10188->10190 10189->10188 10191 463194 10190->10191 10192 458c4c RtlAllocateHeap 10191->10192 10193 4631ce 10192->10193 10194 4631d7 10193->10194 10195 4586d0 RtlFreeHeap 10193->10195 10194->9757 10195->10194 10204 459400 10196->10204 10198 4593f0 10198->10001 10199 459344 10199->10198 10200 459376 FindFirstFileExW 10199->10200 10200->10198 10202 45939e 10200->10202 10201 4593dc FindNextFileW 10201->10198 10201->10202 10202->10201 10210 4594dc 10202->10210 10205 459420 FindFirstFileExW 10204->10205 10207 4594d2 10205->10207 10209 45947e FindClose 10205->10209 10207->10199 10209->10207 10211 4594fe 10210->10211 10212 459692 10211->10212 10213 4586a8 RtlAllocateHeap 10211->10213 10212->10201 10218 459516 10213->10218 10214 45966d 10215 459684 10214->10215 10216 4586d0 RtlFreeHeap 10214->10216 10215->10212 10217 4586d0 RtlFreeHeap 10215->10217 10216->10215 10217->10212 10218->10214 10219 45954e FindFirstFileExW 10218->10219 10219->10214 10225 459576 10219->10225 10220 459655 FindNextFileW 10220->10214 10220->10225 10221 4586a8 RtlAllocateHeap 10221->10225 10222 4595f0 GetFileAttributesW 10222->10225 10224 4586d0 RtlFreeHeap 10224->10225 10225->10220 10225->10221 10225->10222 10225->10224 10226 4594dc 12 API calls 10225->10226 10227 4584cc 10225->10227 10226->10225 10228 4584e2 10227->10228 10228->10228 10247 45beb4 FindFirstFileExW 10228->10247 10231 458509 CreateFileW 10234 458609 10231->10234 10237 458531 10231->10237 10232 458536 NtAllocateVirtualMemory 10233 458567 10232->10233 10232->10237 10233->10234 10242 4585c7 WriteFile 10233->10242 10235 458638 NtFreeVirtualMemory 10234->10235 10236 45865d 10234->10236 10235->10234 10238 458663 NtClose 10236->10238 10239 45866c 10236->10239 10237->10232 10237->10233 10238->10239 10250 4583c8 10239->10250 10242->10233 10244 
4585e1 SetFilePointerEx 10242->10244 10243 458685 10245 45869a 10243->10245 10246 4586d0 RtlFreeHeap 10243->10246 10244->10233 10244->10242 10245->10225 10246->10245 10248 4584f9 10247->10248 10249 45bee5 FindClose 10247->10249 10248->10231 10248->10234 10249->10248 10259 458798 10250->10259 10253 4583eb 10255 458481 DeleteFileW 10253->10255 10256 4586d0 RtlFreeHeap 10253->10256 10254 458798 RtlAllocateHeap 10257 4583f7 10254->10257 10255->10243 10256->10255 10257->10253 10258 458442 MoveFileExW 10257->10258 10258->10253 10258->10257 10260 4587ae 10259->10260 10261 4583e2 10260->10261 10262 4586a8 RtlAllocateHeap 10260->10262 10261->10253 10261->10254 10262->10261 10267 45fc73 10263->10267 10264 45fcd5 ReadFile 10264->10267 10265 45fe92 WriteFile 10265->10267 10266 45ff38 NtClose 10266->10267 10267->10264 10267->10265 10267->10266 10268 4586d0 RtlFreeHeap 10267->10268 10269 45fcc6 10267->10269 10270 45fe19 WriteFile 10267->10270 10268->10267 10270->10267 10271->10037 10273 458800 10272->10273 10274 458816 10273->10274 10275 4586a8 RtlAllocateHeap 10273->10275 10274->10040 10275->10274 10277 45c344 10276->10277 10278 45c2e8 10276->10278 10292 45c290 GetLogicalDriveStringsW 10276->10292 10277->10044 10279 45c31a ResumeThread 10278->10279 10280 45d1e0 2 API calls 10278->10280 10282 45c32e GetExitCodeThread 10279->10282 10281 45c2f9 10280->10281 10281->10279 10283 45c2fd 10281->10283 10282->10277 10283->10044 10285 45c013 10284->10285 10286 45c06f 10284->10286 10293 45bfd0 GetDriveTypeW 10284->10293 10287 45c045 ResumeThread 10285->10287 10288 45d1e0 2 API calls 10285->10288 10286->10062 10289 45c059 GetExitCodeThread 10287->10289 10290 45c024 10288->10290 10289->10286 10290->10287 10291 45c028 10290->10291 10291->10062 10295 460e4b SetThreadPriority 10294->10295 10296 460ded 10294->10296 10297 460e5a 10295->10297 10298 460e3d 10296->10298 10300 45beb4 2 API calls 10296->10300 10303 4586a8 RtlAllocateHeap 10297->10303 10299 4586d0 RtlFreeHeap 10298->10299 10301 460e45 
10299->10301 10302 460e07 10300->10302 10302->10298 10304 460e17 10302->10304 10321 460e79 10303->10321 10305 45dfbc 11 API calls 10304->10305 10307 460e21 10305->10307 10309 460a38 13 API calls 10307->10309 10311 460e37 10309->10311 10310 4586d0 RtlFreeHeap 10312 460ea9 FindFirstFileExW 10310->10312 10312->10321 10313 4586d0 RtlFreeHeap 10313->10321 10314 46101e 10315 4586d0 RtlFreeHeap 10314->10315 10318 461041 10315->10318 10316 460fe6 FindNextFileW 10317 460ffe FindClose 10316->10317 10316->10321 10317->10321 10319 460c94 RtlAllocateHeap 10319->10321 10321->10310 10321->10313 10321->10314 10321->10316 10321->10319 10322 45dfbc 10321->10322 10341 460c30 10321->10341 10345 460a38 10321->10345 10323 45dfd8 10322->10323 10336 45dfd3 10322->10336 10324 458798 RtlAllocateHeap 10323->10324 10325 45dfe2 10324->10325 10326 45dff0 GetFileAttributesW 10325->10326 10325->10336 10327 45e000 10326->10327 10328 45e045 10327->10328 10329 45e05e 10327->10329 10331 45e0ac 6 API calls 10328->10331 10330 45e075 GetFileAttributesW 10329->10330 10340 45e066 10329->10340 10333 45e082 10330->10333 10334 45e08e CopyFileW 10330->10334 10335 45e04d 10331->10335 10337 4586d0 RtlFreeHeap 10333->10337 10338 4586d0 RtlFreeHeap 10334->10338 10339 4586d0 RtlFreeHeap 10335->10339 10336->10321 10337->10340 10338->10336 10339->10336 10376 45e0ac CreateFileW 10340->10376 10343 460c48 10341->10343 10342 460c5e 10342->10321 10343->10342 10344 4586a8 RtlAllocateHeap 10343->10344 10344->10342 10346 460c21 10345->10346 10347 460a59 10345->10347 10346->10321 10387 460194 10347->10387 10350 460c19 10352 4586d0 RtlFreeHeap 10350->10352 10352->10346 10353 460a71 10353->10350 10354 460a85 10353->10354 10355 460a98 10353->10355 10420 4606cc 10354->10420 10424 4607b0 10355->10424 10358 460ab3 MoveFileExW 10359 460a93 10358->10359 10367 460ac5 10358->10367 10359->10350 10359->10358 10360 460b00 10359->10360 10361 4586d0 RtlFreeHeap 10359->10361 10364 4607b0 RtlAllocateHeap 10359->10364 10359->10367 10362 
4586d0 RtlFreeHeap 10360->10362 10361->10359 10362->10367 10363 460b1d CreateFileW 10366 460b46 10363->10366 10373 460b41 10363->10373 10364->10359 10365 4586d0 RtlFreeHeap 10365->10350 10400 4607fc 10366->10400 10367->10363 10367->10373 10370 460b6f CreateIoCompletionPort 10371 460b86 10370->10371 10374 460ba8 10370->10374 10372 4586d0 RtlFreeHeap 10371->10372 10372->10373 10373->10350 10373->10365 10374->10373 10375 4586d0 RtlFreeHeap 10374->10375 10375->10373 10377 45e20d 10376->10377 10378 45e0dd 10376->10378 10377->10336 10379 45e115 WriteFile 10378->10379 10380 45e14c WriteFile 10379->10380 10381 45e13a NtClose 10379->10381 10382 45e185 WriteFile 10380->10382 10383 45e173 10380->10383 10381->10336 10384 45e1bc WriteFile 10382->10384 10385 45e1aa 10382->10385 10383->10336 10384->10378 10386 45e1e3 10384->10386 10385->10336 10386->10336 10388 4601ad SetFileAttributesW CreateFileW 10387->10388 10390 4601f3 10388->10390 10391 4601db 10388->10391 10390->10350 10392 460244 SetFileAttributesW CreateFileW 10390->10392 10391->10388 10391->10390 10428 45fc2c 10391->10428 10393 460284 SetFilePointerEx 10392->10393 10394 4602f0 10392->10394 10393->10394 10395 4602a3 ReadFile 10393->10395 10394->10353 10395->10394 10396 4602c2 10395->10396 10397 460138 RtlAllocateHeap 10396->10397 10398 4602d3 10397->10398 10398->10394 10399 4586d0 RtlFreeHeap 10398->10399 10399->10394 10402 46082c 10400->10402 10401 46085d 10404 4586a8 RtlAllocateHeap 10401->10404 10402->10401 10403 4600a0 2 API calls 10402->10403 10403->10401 10411 460869 10404->10411 10405 460a03 10407 460a11 10405->10407 10408 4586d0 RtlFreeHeap 10405->10408 10406 4586d0 RtlFreeHeap 10406->10405 10409 460a1f 10407->10409 10410 4586d0 RtlFreeHeap 10407->10410 10408->10407 10409->10370 10409->10373 10410->10409 10412 4586a8 RtlAllocateHeap 10411->10412 10419 4609b0 10411->10419 10413 4608c6 10412->10413 10414 4586a8 RtlAllocateHeap 10413->10414 10413->10419 10415 4608f5 10414->10415 10416 4586a8 RtlAllocateHeap 
10415->10416 10415->10419 10417 4609a7 10416->10417 10418 4586d0 RtlFreeHeap 10417->10418 10417->10419 10418->10419 10419->10405 10419->10406 10421 4606d9 10420->10421 10422 458798 RtlAllocateHeap 10421->10422 10423 4606e5 10422->10423 10423->10359 10425 4607be 10424->10425 10426 458798 RtlAllocateHeap 10425->10426 10427 4607cd 10426->10427 10427->10359 10430 45fc37 10428->10430 10429 45fc44 10429->10391 10430->10429 10432 45fac8 10430->10432 10435 45faff 10432->10435 10433 45fc21 10433->10429 10434 45fbd4 10434->10433 10436 4586d0 RtlFreeHeap 10434->10436 10435->10434 10437 4586a8 RtlAllocateHeap 10435->10437 10436->10433 10438 45fb58 10437->10438 10438->10434 10439 45fb81 10438->10439 10440 4586f8 RtlReAllocateHeap 10438->10440 10439->10434 10442 45fa44 10439->10442 10440->10438 10443 45fa9e 10442->10443 10444 45faa2 NtTerminateProcess 10443->10444 10445 45fab6 10443->10445 10444->10445 10445->10439 10447 4614e2 10446->10447 10448 461339 10446->10448 10447->10074 10447->10081 10449 4586a8 RtlAllocateHeap 10448->10449 10450 4613be 10448->10450 10449->10448 10450->10447 10451 4586a8 RtlAllocateHeap 10450->10451 10451->10450 10453 45885d 10452->10453 10454 4586a8 RtlAllocateHeap 10453->10454 10455 45887d 10454->10455 10455->10083 10458 45ed18 10456->10458 10457 45ed9d 10457->10091 10458->10457 10459 4586a8 RtlAllocateHeap 10458->10459 10459->10457 10461 45ee3f 10460->10461 10462 45ee44 10460->10462 10464 45f27e 10461->10464 10466 4586d0 RtlFreeHeap 10461->10466 10462->10461 10463 4586a8 RtlAllocateHeap 10462->10463 10473 45ee85 10463->10473 10465 45f28c 10464->10465 10467 4586d0 RtlFreeHeap 10464->10467 10468 45f29a 10465->10468 10469 4586d0 RtlFreeHeap 10465->10469 10466->10464 10467->10465 10470 45f2a8 10468->10470 10471 4586d0 RtlFreeHeap 10468->10471 10469->10468 10472 45f2b6 10470->10472 10475 4586d0 RtlFreeHeap 10470->10475 10471->10470 10476 45f2c4 10472->10476 10478 4586d0 RtlFreeHeap 10472->10478 10473->10461 10487 45f49c 10473->10487 10475->10472 
10476->10089 10477 45eeae 10477->10461 10491 45f2d0 10477->10491 10478->10476 10480 45eec1 10480->10461 10495 45f458 10480->10495 10483 458c4c RtlAllocateHeap 10484 45eeec 10483->10484 10484->10461 10485 4586a8 RtlAllocateHeap 10484->10485 10486 4586d0 RtlFreeHeap 10484->10486 10485->10484 10486->10484 10488 45f4c7 10487->10488 10489 4586a8 RtlAllocateHeap 10488->10489 10490 45f5c4 10489->10490 10490->10477 10492 45f360 10491->10492 10493 4586a8 RtlAllocateHeap 10492->10493 10494 45f39e 10493->10494 10494->10480 10496 45f477 10495->10496 10497 458c4c RtlAllocateHeap 10496->10497 10498 45eed4 10497->10498 10498->10461 10498->10483 10500 4629af 10499->10500 10501 462abe RegCreateKeyExW 10500->10501 10505 4629fc 10500->10505 10502 462aeb RegQueryValueExW 10501->10502 10501->10505 10503 462b1a 10502->10503 10504 462b66 RegDeleteKeyExW 10503->10504 10503->10505 10504->10505 10505->10110 10507 458b36 NtQueryInformationToken 10506->10507 10508 458b1f 10506->10508 10510 458b31 10507->10510 10508->10507 10508->10510 10509 458b88 10509->10130 10510->10509 10511 4586d0 RtlFreeHeap 10510->10511 10511->10509 10513 45e705 10512->10513 10514 4586a8 RtlAllocateHeap 10513->10514 10516 45e715 10514->10516 10515 45e737 10515->10137 10516->10515 10517 4586d0 RtlFreeHeap 10516->10517 10517->10515 10519 4586a8 RtlAllocateHeap 10518->10519 10520 46543b 10519->10520 10520->10154 10522 4586a8 RtlAllocateHeap 10521->10522 10523 46339e 10522->10523 10523->10177 10525 4586a8 RtlAllocateHeap 10524->10525 10526 46371e 10525->10526 10526->10187 10532 459c90 10527->10532 10528 4586a8 RtlAllocateHeap 10528->10532 10529 459ca2 NtQuerySystemInformation 10529->10532 10530 4586f8 RtlReAllocateHeap 10530->10532 10531 4586d0 RtlFreeHeap 10531->10532 10532->10528 10532->10529 10532->10530 10532->10531 10533 4586d0 RtlFreeHeap 10532->10533 10534 459d70 Sleep 10533->10534 10534->10532 10555 45aff8 10535->10555 10541 45b5fc 4 API calls 10540->10541 10542 45add0 10541->10542 10543 45b6a4 NtClose 10542->10543 
10546 45ae40 10542->10546 10544 45adde 10543->10544 10544->10546 10547 45ade7 NtSetInformationThread 10544->10547 10545 45ae65 10546->10545 10595 45acfc 10546->10595 10547->10546 10549 45adfb 10547->10549 10584 45abd8 10549->10584 10552 45b6a4 NtClose 10553 45ae1e 10552->10553 10553->10546 10589 45aa10 10553->10589 10556 45b0d9 10555->10556 10557 45b29d RegCreateKeyExW 10556->10557 10558 45b2d1 RegEnumKeyW 10557->10558 10559 45b2f7 RegCreateKeyExW 10557->10559 10558->10559 10562 45b2fc RegCreateKeyExW 10558->10562 10565 45b412 10559->10565 10568 45b3ec RegEnumKeyW 10559->10568 10562->10558 10564 45b32a RegSetValueExW 10562->10564 10564->10558 10567 45b34c RegSetValueExW 10564->10567 10572 45aeec 10565->10572 10566 45b414 OpenEventLogW 10566->10568 10569 45b42c ClearEventLogW 10566->10569 10567->10558 10570 45b36a OpenEventLogW 10567->10570 10568->10565 10568->10566 10569->10568 10570->10558 10571 45b382 ClearEventLogW 10570->10571 10571->10558 10579 45ae6c RtlAdjustPrivilege 10572->10579 10574 45afc4 10575 45afe5 10574->10575 10576 45afdc CloseServiceHandle 10574->10576 10576->10575 10577 45af05 10577->10574 10578 45fa44 NtTerminateProcess 10577->10578 10578->10574 10580 45b5fc 4 API calls 10579->10580 10581 45aea4 10580->10581 10582 45aeb2 10581->10582 10583 45b6a4 NtClose 10581->10583 10582->10577 10583->10582 10585 45b5fc 4 API calls 10584->10585 10586 45ac03 10585->10586 10587 45ac10 OpenSCManagerW 10586->10587 10588 45ac29 10586->10588 10587->10588 10588->10546 10588->10552 10590 45aa41 10589->10590 10591 45aa7d 10590->10591 10593 4586a8 RtlAllocateHeap 10590->10593 10592 45abcc 10591->10592 10594 4586d0 RtlFreeHeap 10591->10594 10592->10546 10593->10591 10594->10592 10596 45b5fc 4 API calls 10595->10596 10597 45ad15 10596->10597 10597->10545 10649 46106c 10598->10649 10601 46106c 2 API calls 10602 461b50 10601->10602 10604 461b78 10602->10604 10607 46106c 2 API calls 10602->10607 10603 461de3 10606 461df1 10603->10606 10609 4586d0 RtlFreeHeap 10603->10609 
10608 4586a8 RtlAllocateHeap 10604->10608 10619 461ba1 10604->10619 10605 4586d0 RtlFreeHeap 10605->10603 10610 461dff 10606->10610 10611 4586d0 RtlFreeHeap 10606->10611 10607->10604 10612 461b98 10608->10612 10609->10606 10610->9396 10611->10610 10613 4586a8 RtlAllocateHeap 10612->10613 10612->10619 10614 461bb3 10613->10614 10615 45ffd0 9 API calls 10614->10615 10614->10619 10623 461bc6 10615->10623 10616 458844 RtlAllocateHeap 10616->10623 10617 461d5d 10618 4586d0 RtlFreeHeap 10617->10618 10617->10619 10618->10619 10619->10603 10619->10605 10620 4611a8 NtSetInformationThread NtClose 10620->10623 10621 45d1e0 2 API calls 10621->10623 10622 4586d0 RtlFreeHeap 10622->10623 10623->10616 10623->10617 10623->10620 10623->10621 10623->10622 10625 4592a3 10624->10625 10626 458798 RtlAllocateHeap 10625->10626 10628 4592b1 10626->10628 10627 4592d4 10627->9815 10628->10627 10629 4586d0 RtlFreeHeap 10628->10629 10629->10627 10631 45c7a3 10630->10631 10632 45c2a8 6 API calls 10631->10632 10633 45c7ba 10632->10633 10634 4586a8 RtlAllocateHeap 10633->10634 10635 45c7e9 10633->10635 10634->10635 10635->9815 10637 45c21f 10636->10637 10638 45d1e0 2 API calls 10637->10638 10639 45c239 10637->10639 10638->10639 10639->9800 10639->9813 10641 4588f1 10640->10641 10642 4586a8 RtlAllocateHeap 10641->10642 10643 458907 10641->10643 10642->10643 10643->9814 10645 45ffd0 9 API calls 10644->10645 10646 462447 10645->10646 10647 45d1e0 2 API calls 10646->10647 10648 462498 10646->10648 10647->10648 10648->9795 10650 4610c6 10649->10650 10651 45d1e0 2 API calls 10650->10651 10652 4610e0 10650->10652 10651->10652 10652->10601 10652->10604 10653->9838 10655 46295d 10654->10655 10656 462918 10654->10656 10655->9837 10660 462ed0 10655->10660 10657 45e6e4 2 API calls 10656->10657 10658 46291d 10657->10658 10658->10655 10659 4586d0 RtlFreeHeap 10658->10659 10659->10655 10712 462d10 10660->10712 10662 462f11 10663 458c4c RtlAllocateHeap 10662->10663 10688 462f15 10662->10688 10671 462f24 
10663->10671 10664 4630b0 10666 4630be 10664->10666 10667 4586d0 RtlFreeHeap 10664->10667 10665 4586d0 RtlFreeHeap 10665->10664 10668 4630cc 10666->10668 10669 4586d0 RtlFreeHeap 10666->10669 10667->10666 10670 4630da 10668->10670 10672 4586d0 RtlFreeHeap 10668->10672 10669->10668 10670->9837 10689 463230 10670->10689 10671->10688 10734 4630e1 10671->10734 10672->10670 10675 458c4c RtlAllocateHeap 10676 462f6b 10675->10676 10677 4630e1 RtlFreeHeap 10676->10677 10676->10688 10678 462fa4 10677->10678 10679 458c4c RtlAllocateHeap 10678->10679 10680 462fae 10679->10680 10681 4630e1 RtlFreeHeap 10680->10681 10680->10688 10682 462ff1 10681->10682 10683 458c4c RtlAllocateHeap 10682->10683 10684 462ffb 10683->10684 10685 4630e1 RtlFreeHeap 10684->10685 10684->10688 10686 46303b 10685->10686 10687 458c4c RtlAllocateHeap 10686->10687 10687->10688 10688->10664 10688->10665 10690 458c4c RtlAllocateHeap 10689->10690 10691 463261 10690->10691 10695 463388 RtlAllocateHeap 10691->10695 10699 46326a 10691->10699 10692 463360 10694 4586d0 RtlFreeHeap 10692->10694 10696 46336e 10692->10696 10693 4586d0 RtlFreeHeap 10693->10692 10694->10696 10697 46329e 10695->10697 10696->9837 10696->9849 10698 458c4c RtlAllocateHeap 10697->10698 10697->10699 10700 4632d9 10698->10700 10699->10692 10699->10693 10701 4586d0 RtlFreeHeap 10700->10701 10701->10699 10703 462c60 10702->10703 10704 458c4c RtlAllocateHeap 10703->10704 10711 462c65 10703->10711 10709 462c71 10704->10709 10705 462ce9 10707 462cf7 10705->10707 10708 4586d0 RtlFreeHeap 10705->10708 10706 4586d0 RtlFreeHeap 10706->10705 10707->9853 10708->10707 10710 458c4c RtlAllocateHeap 10709->10710 10709->10711 10710->10711 10711->10705 10711->10706 10713 462d3f 10712->10713 10718 462d52 10712->10718 10714 458c4c RtlAllocateHeap 10713->10714 10713->10718 10715 462d5d 10714->10715 10716 458c4c RtlAllocateHeap 10715->10716 10715->10718 10719 462d75 10716->10719 10717 462ddf 10717->10662 10718->10717 10738 462b9c 10718->10738 10719->10718 10722 
462d84 10719->10722 10721 462e06 10723 458798 RtlAllocateHeap 10721->10723 10724 458c4c RtlAllocateHeap 10722->10724 10725 462e15 10723->10725 10726 462d8d 10724->10726 10725->10717 10727 458798 RtlAllocateHeap 10725->10727 10726->10662 10728 462e47 10727->10728 10728->10717 10729 462e8d 10728->10729 10731 4586d0 RtlFreeHeap 10728->10731 10730 462e9b 10729->10730 10732 4586d0 RtlFreeHeap 10729->10732 10730->10717 10733 4586d0 RtlFreeHeap 10730->10733 10731->10729 10732->10730 10733->10717 10735 462f61 10734->10735 10736 4630e7 10734->10736 10735->10675 10737 4586d0 RtlFreeHeap 10736->10737 10737->10735 10739 4586a8 RtlAllocateHeap 10738->10739 10740 462bb2 10739->10740 10740->10721 10742 4636bf 10741->10742 10745 463620 10742->10745 10744 4636d7 10744->9859 10746 4586a8 RtlAllocateHeap 10745->10746 10747 463637 10746->10747 10748 46366d 10747->10748 10749 4586f8 RtlReAllocateHeap 10747->10749 10751 463650 10747->10751 10750 4586d0 RtlFreeHeap 10748->10750 10749->10747 10750->10751 10751->10744 10752 4586d0 RtlFreeHeap 10751->10752 10753 4636b0 10752->10753 10753->10744 10758 467f86 10754->10758 10755 4680c0 10755->9873 10756 467f9e 10756->10755 10757 4586d0 RtlFreeHeap 10756->10757 10757->10755 10758->10756 10806 467bf4 10758->10806 10773 465a74 10772->10773 10776 465aa5 10773->10776 11067 465868 10773->11067 10775 465b36 10775->9869 10778 465fd8 10775->10778 10776->10775 10777 4586d0 RtlFreeHeap 10776->10777 10777->10775 10779 465ffe 10778->10779 10797 466002 10779->10797 11070 4645c8 10779->11070 10782 466154 10783 466162 10782->10783 10786 4586d0 RtlFreeHeap 10782->10786 10787 466170 10783->10787 10789 4586d0 RtlFreeHeap 10783->10789 10784 4586a8 RtlAllocateHeap 10788 466023 10784->10788 10785 4586d0 RtlFreeHeap 10785->10782 10786->10783 10787->9879 10798 466178 10787->10798 10790 45b464 2 API calls 10788->10790 10788->10797 10789->10787 10791 466036 10790->10791 10792 4612fc 2 API calls 10791->10792 10793 46604f 10792->10793 10794 4586a8 RtlAllocateHeap 
10793->10794 10793->10797 10795 46606d 10794->10795 10796 4586a8 RtlAllocateHeap 10795->10796 10795->10797 10796->10797 10797->10782 10797->10785 10799 466189 10798->10799 10800 46638a 10799->10800 10801 45b464 2 API calls 10799->10801 10800->9879 10802 466197 10801->10802 10802->10800 10803 458c4c RtlAllocateHeap 10802->10803 10804 4661b1 10803->10804 10804->10800 10805 4586d0 RtlFreeHeap 10804->10805 10805->10800 11038 467b78 10806->11038 10808 467c3c 10809 467f20 10808->10809 10810 4586d0 RtlFreeHeap 10808->10810 10811 467f2e 10809->10811 10812 4586d0 RtlFreeHeap 10809->10812 10810->10809 10813 467f3c 10811->10813 10815 4586d0 RtlFreeHeap 10811->10815 10812->10811 10816 467f4a 10813->10816 10817 4586d0 RtlFreeHeap 10813->10817 10815->10813 10818 467f58 10816->10818 10820 4586d0 RtlFreeHeap 10816->10820 10817->10816 10818->10756 10829 4677f8 10818->10829 10819 4586a8 RtlAllocateHeap 10821 467c78 10819->10821 10820->10818 10821->10808 10822 4586a8 RtlAllocateHeap 10821->10822 10823 467d19 10822->10823 10823->10808 10824 4586a8 RtlAllocateHeap 10823->10824 10825 467d69 10824->10825 10825->10808 10826 4586a8 RtlAllocateHeap 10825->10826 10827 467e14 10826->10827 10827->10808 10828 4586d0 RtlFreeHeap 10827->10828 10828->10808 10830 46785f 10829->10830 10831 458c4c RtlAllocateHeap 10830->10831 10832 467874 10830->10832 10837 4678eb 10831->10837 10833 467b5f 10832->10833 10834 4586d0 RtlFreeHeap 10832->10834 10835 467b6d 10833->10835 10836 4586d0 RtlFreeHeap 10833->10836 10834->10833 10835->10756 10839 466730 10835->10839 10836->10835 10837->10832 10838 458c4c RtlAllocateHeap 10837->10838 10838->10832 10840 4586a8 RtlAllocateHeap 10839->10840 10844 466763 10840->10844 10841 4668eb 10843 4668f9 10841->10843 10846 4586d0 RtlFreeHeap 10841->10846 10842 4586d0 RtlFreeHeap 10842->10841 10847 466907 10843->10847 10848 4586d0 RtlFreeHeap 10843->10848 10845 4586a8 RtlAllocateHeap 10844->10845 10851 46676c 10844->10851 10849 466796 10845->10849 10846->10843 10847->10756 10852 

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 9 461f84-462039 call 451630 call 458c4c 18 462040-462059 call 4586a8 9->18 19 46203b 9->19 27 462060-462073 call 46a6c4 18->27 28 46205b 18->28 20 4623b9-4623c0 19->20 23 4623c2 20->23 24 4623ce-4623d5 20->24 23->24 25 4623d7 24->25 26 4623e3-4623e7 24->26 25->26 29 4623f2-4623f6 26->29 30 4623e9 26->30 35 462075 27->35 36 46207a-46208a call 461e08 27->36 28->20 33 462400-462404 29->33 34 4623f8-4623fb call 4586d0 29->34 30->29 38 462406-462409 call 4586d0 33->38 39 46240e-462412 33->39 34->33 35->20 49 462091-4620e2 GetTempFileNameW CreateFileW 36->49 50 46208c 36->50 38->39 42 462414-462417 call 4586d0 39->42 43 46241c-462420 39->43 42->43 44 462422-462425 call 4586d0 43->44 45 46242a-462430 43->45 44->45 52 4620e4 49->52 53 4620e9-4620fe WriteFile 49->53 50->20 52->20 54 462105-46211e 53->54 55 462100 53->55 57 462120-462125 54->57 55->20 58 462127-462168 CreateProcessW 57->58 59 462129-46212b 57->59 61 46216f-46218c NtQueryInformationProcess 58->61 62 46216a 58->62 59->57 63 462193-4621b3 NtReadVirtualMemory 61->63 64 46218e 61->64 62->20 65 4621b5 63->65 66 4621ba-4621cb call 458c4c 63->66 64->20 65->20 69 4621d2-46224d call 46b2f4 call 46b348 call 46b41c NtProtectVirtualMemory 66->69 70 4621cd 66->70 77 462254-462267 NtWriteVirtualMemory 69->77 78 46224f 69->78 70->20 79 46226e-4622ca 77->79 80 462269 77->80 78->20 82 4622d1-4622f2 NtDuplicateObject 79->82 83 4622cc 79->83 80->20 84 4622f4 82->84 85 4622f9-462361 CreateNamedPipeW 82->85 83->20 84->20 86 462365-46237e ResumeThread ConnectNamedPipe 85->86 87 462363 85->87 88 462380-46238b 86->88 89 46238f-4623ac 86->89 87->20 88->89 90 46238d 88->90 92 4623b0 89->92 93 4623ae 89->93 90->20 92->20 93->20
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: D
                                              • API String ID: 0-2746444292
                                              • Opcode ID: a29254e820f3e0265fa137374cdb75f111daa71244f67a86afd0016e50a694a9
                                              • Instruction ID: 8902949a5e71e459b238f9e51a85127235af2ec2f08c72cf754e7bbc877802ba
                                              • Opcode Fuzzy Hash: a29254e820f3e0265fa137374cdb75f111daa71244f67a86afd0016e50a694a9
                                              • Instruction Fuzzy Hash: 6EE15271904218FFDF109FA0DD49BEE7B78FB04305F1080A6E608B6191E7B95A89CF5A

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 231 45aff8-45b2cb call 451228 * 5 RegCreateKeyExW 242 45b2d1 231->242 243 45b3ad-45b3b1 231->243 246 45b2d8-45b2f5 RegEnumKeyW 242->246 244 45b3b3 243->244 245 45b3bc-45b3ea RegCreateKeyExW 243->245 244->245 249 45b445-45b449 245->249 250 45b3ec 245->250 247 45b2f7 246->247 248 45b2fc-45b328 RegCreateKeyExW 246->248 247->243 252 45b3a5-45b3a8 248->252 253 45b32a-45b34a RegSetValueExW 248->253 254 45b454-45b457 249->254 255 45b44b 249->255 251 45b3f3-45b410 RegEnumKeyW 250->251 256 45b414-45b42a OpenEventLogW 251->256 257 45b412 251->257 252->246 258 45b396-45b39a 253->258 259 45b34c-45b368 RegSetValueExW 253->259 255->254 260 45b440-45b443 256->260 261 45b42c-45b437 ClearEventLogW 256->261 257->249 258->252 263 45b39c 258->263 259->258 262 45b36a-45b380 OpenEventLogW 259->262 260->251 261->260 262->258 264 45b382-45b38d ClearEventLogW 262->264 263->252 264->258
                                              APIs
                                              • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 0045B2C3
                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 0045B2EA
                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 0045B320
                                              • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 0045B342
                                              • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 0045B360
                                              • OpenEventLogW.ADVAPI32(00000000,?), ref: 0045B373
                                              • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 0045B387
                                              • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 0045B3E2
                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 0045B405
                                              • OpenEventLogW.ADVAPI32(00000000,?), ref: 0045B41D
                                              • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 0045B431
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Event$Create$ClearEnumOpenValue
                                              • String ID:
                                              • API String ID: 1260815474-0
                                              • Opcode ID: 4f1ae7fdd26b8a99451ed68b353ae89a2c033aeea7a20826553c25979a0dd183
                                              • Instruction ID: 50584b213a3d40a8b307c4beb0fb68f0704d8e90676905ea2b8a034e045b7236
                                              • Opcode Fuzzy Hash: 4f1ae7fdd26b8a99451ed68b353ae89a2c033aeea7a20826553c25979a0dd183
                                              • Instruction Fuzzy Hash: 64C115B0400304EFDB10EF58D945B997F74EB22714F5281D9E6196F2B2C7B68AA8CF94

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 265 45c4ac-45c52c GetVolumeNameForVolumeMountPointW FindFirstVolumeW 269 45c770-45c775 265->269 270 45c532-45c538 265->270 271 45c73f-45c761 270->271 272 45c53e-45c545 270->272 271->270 279 45c767 271->279 272->271 273 45c54b-45c562 GetVolumePathNamesForVolumeNameW 272->273 273->271 275 45c568-45c56c 273->275 275->271 276 45c572-45c576 275->276 276->271 278 45c57c-45c586 GetDriveTypeW 276->278 280 45c591-45c599 call 451548 278->280 281 45c588-45c58b 278->281 279->269 284 45c617-45c63d call 4516d4 CreateFileW 280->284 285 45c59b-45c5e3 280->285 281->271 281->280 289 45c736 284->289 290 45c643-45c669 DeviceIoControl 284->290 295 45c5e5-45c5fe call 45c420 285->295 296 45c603-45c607 285->296 289->271 290->289 291 45c66f-45c676 290->291 293 45c6dc-45c6e3 291->293 294 45c678-45c684 291->294 293->289 297 45c6e5-45c6ec 293->297 298 45c686-45c68d 294->298 299 45c6a3-45c6a9 294->299 295->296 300 45c612 296->300 301 45c609 296->301 297->289 302 45c6ee-45c6f5 297->302 298->299 303 45c68f-45c696 298->303 305 45c6c8-45c6d5 call 4516a4 call 45c420 299->305 306 45c6ab-45c6b2 299->306 300->271 301->300 302->289 307 45c6f7-45c711 call 4516a4 302->307 303->299 308 45c698-45c69f 303->308 317 45c6da 305->317 306->305 310 45c6b4-45c6bb 306->310 321 45c713-45c71a 307->321 322 45c72a-45c731 call 45c420 307->322 308->299 313 45c6a1 308->313 310->305 314 45c6bd-45c6c4 310->314 313->317 314->305 318 45c6c6 314->318 317->289 318->317 323 45c71c-45c723 call 45c420 321->323 324 45c728 321->324 322->289 323->324 324->289
                                              APIs
                                              • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 0045C4F6
                                              • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 0045C51F
                                              • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 0045C55A
                                              • GetDriveTypeW.KERNELBASE(?), ref: 0045C57D
                                              • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 0045C630
                                              • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 0045C661
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Volume$Name$ControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                                              • String ID: '
                                              • API String ID: 754975672-1997036262
                                              • Opcode ID: 95fc3ee4741b27f01ae8c848575d7c4cb2e6732601a4cbdaef564ff73a7bc4b0
                                              • Instruction ID: 033dc28315ee128f5ebb44acc3044b5e46029e4be6f760a12efdfdc461b6d33a
                                              • Opcode Fuzzy Hash: 95fc3ee4741b27f01ae8c848575d7c4cb2e6732601a4cbdaef564ff73a7bc4b0
                                              • Instruction Fuzzy Hash: AF718230801315FFDB309B10DC89F9B7BB8AF05716F5080A6E949A61A2D7785A89CF9D

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 327 45e218-45e232 328 45e238-45e24d call 458c4c 327->328 329 45e46b-45e474 327->329 328->329 332 45e253-45e269 call 4586a8 328->332 335 45e465-45e466 call 4586d0 332->335 336 45e26f-45e280 call 46a6c4 332->336 335->329 340 45e286-45e307 call 4516a4 CreateFileW 336->340 341 45e45f-45e460 call 4586d0 336->341 340->341 347 45e30d-45e322 WriteFile 340->347 341->335 348 45e456 347->348 349 45e328-45e34b RegCreateKeyExW 347->349 348->341 349->348 350 45e351-45e37d RegSetValueExW 349->350 352 45e383-45e3fc RegCreateKeyExW 350->352 353 45e44d-45e450 NtClose 350->353 352->353 356 45e3fe-45e430 RegSetValueExW 352->356 353->348 356->353 358 45e432-45e446 SHChangeNotify 356->358 358->353
                                              APIs
                                                • Part of subcall function 004586A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004691D4,?,00000000,00000000), ref: 004586C4
                                              • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0045E2FA
                                              • WriteFile.KERNELBASE(000000FF,00000000,000000FF,?,00000000), ref: 0045E31A
                                              • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 0045E343
                                              • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 0045E375
                                              • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 0045E3F4
                                              • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 0045E428
                                              • SHChangeNotify.SHELL32(08000000,00001000,00000000,00000000), ref: 0045E440
                                              • NtClose.NTDLL(?), ref: 0045E450
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Create$FileValue$AllocateChangeCloseHeapNotifyWrite
                                              • String ID:
                                              • API String ID: 1108940941-0
                                              • Opcode ID: 096d9070e470e5960787eb91eb780a210847a05afc3bd2e598eda65360a05ba9
                                              • Instruction ID: 205b524857ff87f4910f0a39b4a2114482eb3d4576d7386f0f3cc51a879f8cdd
                                              • Opcode Fuzzy Hash: 096d9070e470e5960787eb91eb780a210847a05afc3bd2e598eda65360a05ba9
                                              • Instruction Fuzzy Hash: 4E519370A04209BBEB20CFA1DC49F9E7B7DFB00705F504165F608E61D1D7B5AA98CBA9

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 359 4584cc-4584df 360 4584e2-4584e7 359->360 360->360 361 4584e9-4584fd call 45beb4 360->361 364 4584ff-458503 361->364 365 458509-45852b CreateFileW 361->365 364->365 366 45862e-458630 364->366 365->366 367 458531-458533 365->367 369 458633-458636 366->369 368 458536-45855f NtAllocateVirtualMemory 367->368 370 458567 368->370 371 458561-45856c 368->371 372 458657-45865b 369->372 373 458638-458651 NtFreeVirtualMemory 369->373 376 458597-45859c 370->376 380 45857f-458582 371->380 381 45856e-45857d 371->381 372->369 374 45865d-458661 372->374 373->372 378 458663-458666 NtClose 374->378 379 45866c-458683 call 4583c8 DeleteFileW 374->379 377 45859f-4585aa 376->377 382 4585ac-4585b6 377->382 383 4585b8 377->383 378->379 391 458685 379->391 392 45868c-458690 379->392 385 458591-458595 380->385 386 458584-45858c call 45848c 380->386 381->385 387 4585bd-4585c4 382->387 383->387 385->368 385->376 386->385 390 4585c7-4585dd WriteFile 387->390 393 4585e1-4585fe SetFilePointerEx 390->393 394 4585df 390->394 391->392 395 458692-458695 call 4586d0 392->395 396 45869a-4586a3 392->396 393->390 397 458600-458607 393->397 394->397 395->396 399 458609 397->399 400 45860b-458629 397->400 399->366 400->377
                                              APIs
                                              • CreateFileW.KERNELBASE(00459646,40000000,00000003,00000000,00000003,80000000,00000000,00459646,?,?,00000000,?), ref: 0045851E
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 00458557
                                              • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 004585D5
                                              • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 004585F1
                                              • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 00458651
                                              • NtClose.NTDLL(000000FF,?,00000000,?), ref: 00458666
                                              • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 0045867B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                                              • String ID:
                                              • API String ID: 3569053182-0
                                              • Opcode ID: dc542222251a3191e6671489c0c2ab2667e9f6e10de043ffd001cc3798626806
                                              • Instruction ID: 521b7ac34cb38477d5d5c973ede5e2b9763129b623ff17330e187e02d782a741
                                              • Opcode Fuzzy Hash: dc542222251a3191e6671489c0c2ab2667e9f6e10de043ffd001cc3798626806
                                              • Instruction Fuzzy Hash: 6E514F7190020DBFDF11CFA4CC45BEEBBB5EB04316F20012AF915B6191EB795A89CB59

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 402 45e0ac-45e0d7 CreateFileW 403 45e20d-45e213 402->403 404 45e0dd-45e0f6 402->404 405 45e0fc-45e10e call 451790 404->405 408 45e115-45e138 WriteFile 405->408 409 45e14c-45e171 WriteFile 408->409 410 45e13a-45e149 NtClose 408->410 411 45e185-45e1a8 WriteFile 409->411 412 45e173-45e182 409->412 413 45e1bc-45e1e1 WriteFile 411->413 414 45e1aa-45e1b9 411->414 416 45e1f5-45e202 413->416 417 45e1e3-45e1f2 413->417 416->408 419 45e208 416->419 419->405
                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 0045E0CA
                                              • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,00478000,?,?,?,00000000), ref: 0045E12B
                                              • NtClose.NTDLL(000000FF,?,?,00000000), ref: 0045E13D
                                              • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 0045E164
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              • API ID: File$Write$CloseCreate
                                              • String ID:
                                              • API String ID: 237505210-0

                                              Control-flow Graph (graph not reproduced)
                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 0045FC6D
                                              • ReadFile.KERNELBASE(?,?,?,?,?), ref: 0045FCFF
                                              • API ID: FilePriorityReadThread
                                              • String ID:
                                              • API String ID: 3643687941-0

                                              Control-flow Graph (graph not reproduced)
                                              APIs
                                              • GetFileAttributesW.KERNELBASE(?), ref: 00460DE0
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00460E4F
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,00477180,003D0900), ref: 00460EBC
                                              • FindNextFileW.KERNELBASE(000000FF,?), ref: 00460FF0
                                              • FindClose.KERNELBASE(000000FF), ref: 00461001
                                                • Part of subcall function 0045BEB4: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 0045BED6
                                                • Part of subcall function 0045BEB4: FindClose.KERNELBASE(000000FF), ref: 0045BEFC
                                              • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                                              • String ID:
                                              • API String ID: 3755735135-0

                                              Control-flow Graph (graph not reproduced)
                                              APIs
                                                • Part of subcall function 004586A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004691D4,?,00000000,00000000), ref: 004586C4
                                              • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00459563
                                              • GetFileAttributesW.KERNELBASE(00000000), ref: 004595F6
                                              • FindNextFileW.KERNELBASE(000000FF,?), ref: 0045965F
                                              • API ID: File$Find$AllocateAttributesFirstHeapNext
                                              • String ID: *
                                              • API String ID: 2400493143-163128923

                                              Control-flow Graph (graph not reproduced)
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,0045AD98,00000000,00000000,00000000), ref: 00468BF3
                                              • CreateThread.KERNELBASE(00000000,00000000,00459C88,00000000,00000000,00000000), ref: 00468C3F
                                              • NtTerminateThread.NTDLL(?,00000000), ref: 00468CE0
                                              • CreateThread.KERNELBASE(00000000,00000000,0045B458,00000000,00000000,00000000), ref: 00468D07
                                              • API ID: Thread$Create$Terminate
                                              • String ID:
                                              • API String ID: 1922322686-0

                                              Control-flow Graph (graph not reproduced)
                                              APIs
                                              • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00457B73
                                              • FindClose.KERNELBASE(000000FF,?,00000000), ref: 00457B98
                                              • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00457BBD
                                              • FindClose.KERNELBASE(000000FF), ref: 00457BCA
                                              • API ID: Find$CloseFile$FirstNext
                                              • String ID:
                                              • API String ID: 1164774033-0
                                              APIs
                                              • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,00468C75), ref: 0045D571
                                              • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 0045D583
                                              • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 0045D598
                                              • API ID: InformationProcess
                                              • String ID:
                                              • API String ID: 1801817001-0
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,CF75D174), ref: 0045D2D1
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-3916222277
                                              APIs
                                                • Part of subcall function 004586A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004691D4,?,00000000,00000000), ref: 004586C4
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00459CAE
                                              • Sleep.KERNELBASE(000007D0,?), ref: 00459D75
                                              • API ID: AllocateHeapInformationQuerySleepSystem
                                              • String ID:
                                              • API String ID: 3184523392-0
                                              • Opcode ID: 5145168ed05e23ea20252bd33c05f6194d2c4b38380c030d12cb48d9531d9bab
                                              • Instruction ID: 113110ff979dd636e691a85c05056aca2d345761e87250afd93920991d03e03f
                                              • Opcode Fuzzy Hash: 5145168ed05e23ea20252bd33c05f6194d2c4b38380c030d12cb48d9531d9bab
                                              • Instruction Fuzzy Hash: 54215170800108EFDF119F90CD44BDEBBB8EF04309F50809AE915B6152DB7A9E49DF99
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0045ADBA
                                                • Part of subcall function 0045B5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 0045B629
                                                • Part of subcall function 0045B6A4: NtClose.NTDLL(00000000), ref: 0045B795
                                              • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,86FC5592), ref: 0045ADF1
                                                • Part of subcall function 0045ABD8: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,2AD8ADAB), ref: 0045AC16
                                              APIs
                                                • Part of subcall function 00459400: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0045946F
                                                • Part of subcall function 00459400: FindClose.KERNELBASE(000000FF), ref: 004594CC
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0045938F
                                              • FindNextFileW.KERNELBASE(000000FF,?), ref: 004593E6
                                                • Part of subcall function 004594DC: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00459563
                                                • Part of subcall function 004594DC: GetFileAttributesW.KERNELBASE(00000000), ref: 004595F6
                                                • Part of subcall function 004594DC: FindNextFileW.KERNELBASE(000000FF,?), ref: 0045965F
                                              APIs
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0045946F
                                              • FindClose.KERNELBASE(000000FF), ref: 004594CC
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00459CAE
                                              • Sleep.KERNELBASE(000007D0,?), ref: 00459D75
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,0045FC5C,00000000,00000000,00000000,?,00000000), ref: 00460021
                                                • Part of subcall function 0045D264: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,004583B9,00000000,00477864,00458208,00000000,00000000,00477850,004581F0,00000000,00000000,00477844), ref: 0045D285
                                              • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 00460034
                                              APIs
                                              • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 0045D244
                                              • NtClose.NTDLL(00000008), ref: 0045D252
                                              APIs
                                              • GetLogicalDriveStringsW.KERNELBASE(00000104,?,?,00000000), ref: 004592EF
                                              • GetDriveTypeW.KERNELBASE(?,?,00000000), ref: 00459305
                                              APIs
                                              • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 0045BED6
                                              • FindClose.KERNELBASE(000000FF), ref: 0045BEFC
                                              APIs
                                              • NtQueryDefaultUILanguage.NTDLL(?), ref: 00459F02
                                              APIs
                                                • Part of subcall function 004586A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004691D4,?,00000000,00000000), ref: 004586C4
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 0045B629
                                              Similarity
                                              • API ID: AllocateHeapInformationQuerySystem
                                              • String ID:
                                              • API String ID: 3114120137-0
                                              • Opcode ID: 8e6ee606e7ec7d6c981cf5e3a95387db64c90f320f52960c8f2ec17dfa842d31
                                              • Instruction ID: 6fa369e02f7f4aec22442f665fe4a114b8c4d7cdabaf75d84b339d93465c0818
                                              • Opcode Fuzzy Hash: 8e6ee606e7ec7d6c981cf5e3a95387db64c90f320f52960c8f2ec17dfa842d31
                                              • Instruction Fuzzy Hash: 2B115E71D00108FBCF119F85D881A9EBB74EF14316F604197ED10B6252DB3A5A54DB8A
                                              APIs
                                              • NtQueryInformationToken.NTDLL(00000000,00000001,?,00000028,?,00000000), ref: 00458B43
                                              Similarity
                                              • API ID: InformationQueryToken
                                              • String ID:
                                              • API String ID: 4239771691-0
                                              • Opcode ID: 7cb13adef2763494303e71249d1072f34ef99305b16e351f5e463105fc78f758
                                              • Instruction ID: 6cc73ee2480ca2ccc1fdbf067a6bc3b39962cf7d8e5cbec6c904d9fad9b3f08f
                                              • Opcode Fuzzy Hash: 7cb13adef2763494303e71249d1072f34ef99305b16e351f5e463105fc78f758
                                              • Instruction Fuzzy Hash: 02114CB0904209EBDF108F90DC88BAEBB78BB00306F50416AF915B22A1DF755A98DB59
                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004578ED
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 3d5af2034d2219b8601d07cd8d63bc4231dbef01884e4b4c4e210a6a5c59bc0e
                                              • Instruction ID: 248b8fd9538792bd3e9d3625c41d7d89636454f512abf34ce8c36dc071e66dcb
                                              • Opcode Fuzzy Hash: 3d5af2034d2219b8601d07cd8d63bc4231dbef01884e4b4c4e210a6a5c59bc0e
                                              • Instruction Fuzzy Hash: 26F0193690410DBADF10EAA5E848FDEB7BCAB04355F0040A6AD08A7141E634AA0C9BA5
                                              APIs
                                              • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 0045D4BE
                                              Similarity
                                              • API ID: InformationQueryToken
                                              • String ID:
                                              • API String ID: 4239771691-0
                                              • Opcode ID: 5f56c888be9ad1d1bd581ad4721ff8e4620c97d14bbce535bce3a7e7e7c7e084
                                              • Instruction ID: f8f16c0a334e599e3d8483d2e593740f2d264ed273aeec9b7d8ee92b9be66a7e
                                              • Opcode Fuzzy Hash: 5f56c888be9ad1d1bd581ad4721ff8e4620c97d14bbce535bce3a7e7e7c7e084
                                              • Instruction Fuzzy Hash: 73F09031A04208BFEB20DB94DC85EAABB7DFB01311F5002B2F904D22A1E375AE488A15
                                              APIs
                                              • NtTerminateProcess.NTDLL(0045AFC4,00000000), ref: 0045FAA7
                                              Similarity
                                              • API ID: ProcessTerminate
                                              • String ID:
                                              • API String ID: 560597551-0
                                              • Opcode ID: 83113b8af85616d3cab8de1064b138469f204c129f6cbe06a6741da1f5950255
                                              • Instruction ID: 9f69b5603863957d33bf0a5fb06a29939348880c6f6e30fb4c0e4d98252be082
                                              • Opcode Fuzzy Hash: 83113b8af85616d3cab8de1064b138469f204c129f6cbe06a6741da1f5950255
                                              • Instruction Fuzzy Hash: 9101AC71901208EFDB00CF90C958BDEBFB8FB04318F548199E904AB291D7B6964ADF95
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 0045B629
                                              Similarity
                                              • API ID: InformationQuerySystem
                                              • String ID:
                                              • API String ID: 3562636166-0
                                              • Opcode ID: 165469d7f91ef1a9ffca3c0d1e4c2cd1048fb363c5aa80875e643253b85b4e83
                                              • Instruction ID: 13dc390504f68848b3f8621af62306c578f6ca50c5cb75044f1a5b015bef9ec7
                                              • Opcode Fuzzy Hash: 165469d7f91ef1a9ffca3c0d1e4c2cd1048fb363c5aa80875e643253b85b4e83
                                              • Instruction Fuzzy Hash: 62F03035900108EBCF109F84D881FADBBB4EF04302F604097ED00A7252D7769D54DB8B
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 0045B629
                                              Similarity
                                              • API ID: InformationQuerySystem
                                              • String ID:
                                              • API String ID: 3562636166-0
                                              • Opcode ID: 2178de0ebf41033b48104211f5acc96252b3fd06b340787ae39917b0667102c1
                                              • Instruction ID: 13dc390504f68848b3f8621af62306c578f6ca50c5cb75044f1a5b015bef9ec7
                                              • Opcode Fuzzy Hash: 2178de0ebf41033b48104211f5acc96252b3fd06b340787ae39917b0667102c1
                                              • Instruction Fuzzy Hash: 62F03035900108EBCF109F84D881FADBBB4EF04302F604097ED00A7252D7769D54DB8B
                                              APIs
                                              • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,004583B9,00000000,00477864,00458208,00000000,00000000,00477850,004581F0,00000000,00000000,00477844), ref: 0045D285
                                              Similarity
                                              • API ID: InformationThread
                                              • String ID:
                                              • API String ID: 4046476035-0
                                              • Opcode ID: 4ad16a7bccd1418f620c1fb73ec639ba7d8e990f33f91fcea4d009b4323b0ce3
                                              • Instruction ID: 9c1ff0fa5ccd1ee392782e3b9cb8f3e0b01acac2a695d2489ed89b145c5430ae
                                              • Opcode Fuzzy Hash: 4ad16a7bccd1418f620c1fb73ec639ba7d8e990f33f91fcea4d009b4323b0ce3
                                              • Instruction Fuzzy Hash: 00D0A77299820CEFEB209B54DC05FB7375CD725342F504225B90BC5091D6B4E495D698

                                              Control-flow Graph

                                              APIs
                                              Similarity
                                              • API ID: Create$Text$DialogParam$ColorLoadSelect$BrushCommandLibraryLineNameObjectPixelSolid$AtomAttributesBitmapCharsetClassExitFileFontHeapImageMetricsPaletteProcess
                                              • String ID:
                                              • API String ID: 1334329500-0
                                              • Opcode ID: 38e65e88b4480f279186a8238c5c1df2c167d590b8c29ea851e43042191f5e1b
                                              • Instruction ID: ad66fed8814e21a6bd899804582638713155b144649ec8fa833418141e245d70
                                              • Opcode Fuzzy Hash: 38e65e88b4480f279186a8238c5c1df2c167d590b8c29ea851e43042191f5e1b
                                              • Instruction Fuzzy Hash: 82F02B50454952D88A1037F7460B25D260C4EAE31DB10556FBC54666C37EBE1CE789BF

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 94 45a060-45a0b9 95 45a0c0-45a0cf 94->95 96 45a0bb 94->96 101 45a0d6-45a0e6 95->101 102 45a0d1 95->102 97 45a6e9-45a6ed 96->97 99 45a6ef 97->99 100 45a6f8-45a6fc 97->100 99->100 103 45a70d-45a711 100->103 104 45a6fe-45a702 100->104 111 45a0ed-45a0fd 101->111 112 45a0e8 101->112 102->97 105 45a713 103->105 106 45a71c-45a720 103->106 104->103 107 45a704 104->107 105->106 108 45a722 106->108 109 45a72b-45a72f 106->109 107->103 108->109 113 45a731-45a734 call 4586d0 109->113 114 45a739-45a73d 109->114 122 45a104-45a11f call 462968 111->122 123 45a0ff 111->123 112->97 113->114 116 45a747-45a74b 114->116 117 45a73f-45a742 call 4586d0 114->117 120 45a756-45a75a 116->120 121 45a74d 116->121 117->116 124 45a765-45a769 120->124 125 45a75c 120->125 121->120 132 45a121-45a146 122->132 133 45a149-45a1d9 call 451228 122->133 123->97 126 45a774-45a778 124->126 127 45a76b 124->127 125->124 129 45a785-45a78b 126->129 130 45a77a-45a77d 126->130 127->126 130->129 132->133 140 45a1e0-45a1ee 133->140 141 45a1db 133->141 143 45a1f5-45a206 call 4586a8 140->143 144 45a1f0 140->144 141->97 147 45a20d-45a215 call 451548 143->147 148 45a208 143->148 144->97 151 45a217-45a228 call 458c4c 147->151 152 45a231-45a242 call 458c4c 147->152 148->97 157 45a22f 151->157 158 45a22a 151->158 159 45a244 152->159 160 45a249-45a262 152->160 157->160 158->97 159->97 162 45a264-45a273 call 4586d0 160->162 163 45a278-45a28b GetTextExtentPoint32W 160->163 162->97 165 45a292-45a2a8 163->165 166 45a28d 163->166 169 45a2af-45a2bd 165->169 170 45a2aa 165->170 166->97 172 45a2c4-45a317 call 451548 169->172 173 45a2bf 169->173 170->97 179 45a319-45a326 172->179 180 45a328 172->180 173->97 181 45a32b-45a34c DrawTextW 179->181 180->181 182 45a353-45a3fb 181->182 183 45a34e 181->183 187 45a402-45a42f 182->187 188 45a3fd 182->188 183->97 191 45a436-45a4af call 4516a4 call 451228 CreateFileW 187->191 192 45a431 187->192 188->97 200 45a4b6-45a4d0 WriteFile 
191->200 201 45a4b1 191->201 192->97 202 45a4d7-45a4ee WriteFile 200->202 203 45a4d2 200->203 201->97 204 45a4f5-45a50c WriteFile 202->204 205 45a4f0 202->205 203->97 206 45a513-45a537 call 458afc 204->206 207 45a50e 204->207 205->97 211 45a53e-45a5e2 call 4516a4 call 451228 RegCreateKeyExW 206->211 212 45a539 206->212 207->97 218 45a5e4 211->218 219 45a5e9-45a648 call 451228 RegSetValueExW 211->219 212->97 218->97 223 45a64f-45a6d0 call 451228 RegSetValueExW 219->223 224 45a64a 219->224 228 45a6d4-45a6d8 223->228 229 45a6d2 223->229 224->97 228->97 230 45a6da-45a6e1 228->230 229->97 230->97
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: ($BM
                                              • API String ID: 0-2980357723
                                              • Opcode ID: 16ecc2a7d8f5f19cd18cac73de88cde77c01ad0e5be4e5775cf4f233d667936b
                                              • Instruction ID: 3eb4c7d3c4250d99296171ddcbde3a0080287bd96c6b1efea38a19b768112581
                                              • Opcode Fuzzy Hash: 16ecc2a7d8f5f19cd18cac73de88cde77c01ad0e5be4e5775cf4f233d667936b
                                              • Instruction Fuzzy Hash: C2229070900208EFDF109F94DC49BEEBB74FF04306F50416AE515BA2A1D77989A8CF6A

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 784 460244-460282 SetFileAttributesW CreateFileW 785 460284-4602a1 SetFilePointerEx 784->785 786 4602f9-460300 784->786 787 4602a3-4602c0 ReadFile 785->787 788 4602f0 785->788 787->788 789 4602c2-4602d7 call 460138 787->789 788->786 789->788 792 4602d9-4602e1 789->792 793 4602e3 792->793 794 4602ea-4602eb call 4586d0 792->794 793->794 794->788
                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 0046025D
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00460275
                                              • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00460299
                                              • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 004602B8
                                              Similarity
                                              • API ID: File$AttributesCreatePointerRead
                                              • String ID:
                                              • API String ID: 4170910816-0
                                              • Opcode ID: 9543aff8f5af56895d48a6a096dfd9f74cc296613bfde822adab9917e850e2e7
                                              • Instruction ID: c0876db25e8766dc56fad915f061fd3853bf40fd5d7e3f278b4f3acc745dae0e
                                              • Opcode Fuzzy Hash: 9543aff8f5af56895d48a6a096dfd9f74cc296613bfde822adab9917e850e2e7
                                              • Instruction Fuzzy Hash: C0113070680209BBEB209FA4DC49F9E7B79EB04740F5081A5B604B61D0EB74AE558B19

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 796 462968-4629f6 call 451228 * 2 802 462abe-462ae5 RegCreateKeyExW 796->802 803 4629fc-462a61 796->803 804 462b93-462b99 802->804 805 462aeb-462b18 RegQueryValueExW 802->805 820 462a63-462a7f 803->820 821 462ab9 803->821 807 462b4c-462b64 call 458cb8 805->807 808 462b1a-462b43 805->808 816 462b66-462b7f RegDeleteKeyExW 807->816 817 462b81-462b88 807->817 808->807 812 462b45 808->812 812->807 816->804 817->804 823 462ab0 820->823 824 462a81-462aa7 820->824 821->804 823->821 824->823 826 462aa9 824->826 826->823
                                              APIs
                                              • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000), ref: 00462ADD
                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000004,00000004,00000004), ref: 00462B10
                                              • RegDeleteKeyExW.KERNELBASE(80000002,?,00000100,00000000,000000FF,00000000), ref: 00462B79
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateDeleteQueryValue
                                              • String ID:
                                              • API String ID: 1796729037-0
                                              • Opcode ID: 2326cd8c3dbab2c39c401e6b7fe6aee205aaf50317dd54f06502df2ab9a695fc
                                              • Instruction ID: 8929e47e271c451e2813f3bc6e390cf14747b59bd3e3cfd8bc5d71c58233fae7
                                              • Opcode Fuzzy Hash: 2326cd8c3dbab2c39c401e6b7fe6aee205aaf50317dd54f06502df2ab9a695fc
                                              • Instruction Fuzzy Hash: 61513DB0900209AFEB11DF94CD45FEEBBB8FB04714F4041A5F618E61A1D7B49A54CF65
                                              APIs
                                                • Part of subcall function 00460194: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 004601B5
                                                • Part of subcall function 00460194: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 004601CD
                                                • Part of subcall function 00460244: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 0046025D
                                                • Part of subcall function 00460244: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00460275
                                                • Part of subcall function 00460244: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00460299
                                                • Part of subcall function 00460244: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 004602B8
                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00460ABB
                                              • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 00460B7C
                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,48000000,00000000,00000000,?,00000000,?), ref: 00460B32
                                                • Part of subcall function 004586D0: RtlFreeHeap.NTDLL(?,00000000,00000000,?,00469264,00000000), ref: 004586EC
                                              • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                                              • String ID:
                                              • API String ID: 97630321-0
                                              • Opcode ID: 9b97702b53c16184af2dfd75c4beba97b1da08c250cb192f764af27c5eba4298
                                              • Instruction ID: 871da6b69f0c404afcab1cefa34d0b74e3f439cdf18887affd4fdb2c39014d6b
                                              • Opcode Fuzzy Hash: 9b97702b53c16184af2dfd75c4beba97b1da08c250cb192f764af27c5eba4298
                                              • Instruction Fuzzy Hash: 5D516830904208FFDF216FA1DD09B8E7F79EB00749F508066B519641A1EB7A9A94DF4E
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b34b0f2cb7f76c8bfb9a7c3ed06004fcb24febaabe80bc733c97fbc97295342a
                                              • Instruction ID: 85efa9ed972977cf5abc206e53b464e79314286fe5a8c3e757d4af5708d01a40
                                              • Opcode Fuzzy Hash: b34b0f2cb7f76c8bfb9a7c3ed06004fcb24febaabe80bc733c97fbc97295342a
                                              • Instruction Fuzzy Hash: CA214F30804218FFCF25AF61DD4578D7BB1AF15716F604166E805651B2C7BA0FA8FB4A
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,0045C290,?,00000004,00000000), ref: 0045C2D9
                                              • ResumeThread.KERNELBASE(00000000), ref: 0045C31D
                                              • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 0045C335
                                              • API ID: Thread$CodeCreateExitResume
                                              • String ID:
                                              • API String ID: 4070214711-0
                                              • Opcode ID: f309bab2ddd208e5814814d394cfadae67f167f3663e35fd50d3307b4ede0d94
                                              • Instruction ID: 34aa55c7aaf2c7f5f0fc1e2854227ac1bb24a36f03e848121b892a5bbe12fbf0
                                              • Opcode Fuzzy Hash: f309bab2ddd208e5814814d394cfadae67f167f3663e35fd50d3307b4ede0d94
                                              • Instruction Fuzzy Hash: CF11D231904208FFDB10DF94DD49B9DBFB4EB04312F2081A6FD19A62A1D7715B94EB48
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,0045BFD0,?,00000004,00000000), ref: 0045C004
                                              • ResumeThread.KERNELBASE(00000000), ref: 0045C048
                                              • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 0045C060
                                              • API ID: Thread$CodeCreateExitResume
                                              • String ID:
                                              • API String ID: 4070214711-0
                                              • Opcode ID: aa3b753a4e5af279b6c987b353e1daf60daa04b129bd8a551e6ba60d7d737f74
                                              • Instruction ID: adcc13c0c186340362be42678b1e79f85a8cd28ccd4dbf2f92974a0c2fd0c34c
                                              • Opcode Fuzzy Hash: aa3b753a4e5af279b6c987b353e1daf60daa04b129bd8a551e6ba60d7d737f74
                                              • Instruction Fuzzy Hash: 93113931904208FFDF219F94DD4AB8DBF70EB04712F2041A1F908A22E0D7755B98EB48
                                              APIs
                                              • CoInitialize.OLE32(00000000), ref: 004596C3
                                              Strings
                                              • API ID: Initialize
                                              • String ID: @
                                              • API String ID: 2538663250-2766056989
                                              • Opcode ID: ed6a4e7b4fbfac3fba1581daf696a8ed62195939417383d4a33f9a215064929e
                                              • Instruction ID: 783e3286ab9431fbe068daab6a44fd1e7c4b5c649c590c4b2b07eedc26dbd437
                                              • Opcode Fuzzy Hash: ed6a4e7b4fbfac3fba1581daf696a8ed62195939417383d4a33f9a215064929e
                                              • Instruction Fuzzy Hash: 36D146B0900209EFDB00DF94C889F9EBB78FF15701F118196E518AB2A2D775DA59CFA4
                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 004601B5
                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 004601CD
                                              • API ID: File$AttributesCreate
                                              • String ID:
                                              • API String ID: 415043291-0
                                              • Opcode ID: 26088d43cd4038a966b8aa3897a2eab5c5a0561e812e4288b1638ca06e4a7d8b
                                              • Instruction ID: 68105effddafb8c62d8af7a979fcf9510b9a9afb4903c2bf099633fc08158a5b
                                              • Opcode Fuzzy Hash: 26088d43cd4038a966b8aa3897a2eab5c5a0561e812e4288b1638ca06e4a7d8b
                                              • Instruction Fuzzy Hash: EB119130944208FAEB204B90DC4DBAF7B74EF01725F2082A7FA15641D0E7791E86DA1F
                                              APIs
                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00460ABB
                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,48000000,00000000,00000000,?,00000000,?), ref: 00460B32
                                              • API ID: File$CreateMove
                                              • String ID:
                                              • API String ID: 3198096935-0
                                              • Opcode ID: 294bf3a9782554613a98691ef0cf46c42c744b9b0762d51e1d7c855d4cc4c9e2
                                              • Instruction ID: 8701617f3a6372ba2222cdc04b2ac3e6f75607f52ddbffaae46fa6beb321a698
                                              • Opcode Fuzzy Hash: 294bf3a9782554613a98691ef0cf46c42c744b9b0762d51e1d7c855d4cc4c9e2
                                              • Instruction Fuzzy Hash: 8DF04F30A04208FADB319B94DC05B9EB730EB10755F2082A7E615741E0E7791691EB4F
                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 004601B5
                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 004601CD
                                              • API ID: File$AttributesCreate
                                              • String ID:
                                              • API String ID: 415043291-0
                                              • Opcode ID: 8a07ed9408788f982e8770127d8e05aaff12a4f59a025365f5b36a5171f7a288
                                              • Instruction ID: 281b30b527e0339ccdcc51fd18fdf30ed3b55463026ac0e783f862b83ae4cd69
                                              • Opcode Fuzzy Hash: 8a07ed9408788f982e8770127d8e05aaff12a4f59a025365f5b36a5171f7a288
                                              • Instruction Fuzzy Hash: D9E04830584605FAEB311F60DC15B9A3960BF05750F204633FB56A85E0E7B959829A0F
                                              • API ID: CreateThread
                                              • String ID:
                                              • API String ID: 2422867632-0
                                              • Opcode ID: dcc63a8206908ee45c8761cdb204f845a95a97272955ee9b7206fab8bc6ac825
                                              • Instruction ID: cea4596565ec90a9376ff29461249987b69eeb9ca2281f0486a88851bee390d9
                                              • Opcode Fuzzy Hash: dcc63a8206908ee45c8761cdb204f845a95a97272955ee9b7206fab8bc6ac825
                                              • Instruction Fuzzy Hash: 70618270D0460AFFDF10AF91DD45BAFBB74FB04305F60022AE901722A1EBB95A45DB5A
                                              APIs
                                              • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,BF092720,?,?,0046B47A), ref: 0045823D
                                              • API ID: CreateHeap
                                              • String ID:
                                              • API String ID: 10892065-0
                                              • Opcode ID: 091b4bf22b05155e7d00af9096df3d5d08d9b9f227f86e38481fb24f4cf1de8f
                                              • Instruction ID: dd3d0bccc2ed523f44ac244c2350dc6dbce5a13cb00c892584d61c992dd634e7
                                              • Opcode Fuzzy Hash: 091b4bf22b05155e7d00af9096df3d5d08d9b9f227f86e38481fb24f4cf1de8f
                                              • Instruction Fuzzy Hash: 5D31631028A75139403632A76D0FFCB1D188EA2F9BB61487FBE48751CB8C9C548EC1BE
                                              APIs
                                              • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,BF092720,?,?,0046B47A), ref: 0045823D
                                                • Part of subcall function 0045D264: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,004583B9,00000000,00477864,00458208,00000000,00000000,00477850,004581F0,00000000,00000000,00477844), ref: 0045D285
                                                • Part of subcall function 0045D290: NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,CF75D174), ref: 0045D2D1
                                              • API ID: CreateHeapInformationMemoryProtectThreadVirtual
                                              • String ID:
                                              • API String ID: 2986011945-0
                                              • Opcode ID: f205f03d15377f861fe9877dc3c610a522cb96e71c3dd12b45d6fbed8c6ea7de
                                              • Instruction ID: a3be3b25c645cbed9e80888e06f426cfdf36b2aaf77732bdd0c4e7410d209aed
                                              • Opcode Fuzzy Hash: f205f03d15377f861fe9877dc3c610a522cb96e71c3dd12b45d6fbed8c6ea7de
                                              • Instruction Fuzzy Hash: 4931431028A75139443632A76E0FF8B1D288EA2FAB765487F7E08751CB9C9C544EC1BE
                                              APIs
                                                • Part of subcall function 00457AA0: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00457B73
                                                • Part of subcall function 00457AA0: FindClose.KERNELBASE(000000FF,?,00000000), ref: 00457B98
                                              • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00458280,00477408,00457D64,00000000,00000000,29667813), ref: 00457C60
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1719015712.0000000000451000.00000020.00000001.01000000.00000003.sdmp, Offset: 00450000, based on PE: true
                                              • Associated: 00000000.00000002.1718999454.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719036583.000000000046C000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719055928.000000000046D000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719077943.0000000000476000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719098188.0000000000478000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1719115037.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_450000_ggjLV4w8Ya.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Find$AllocateCloseFileFirstHeap
                                              • String ID:
                                              • API String ID: 1673784098-0
                                              APIs
                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 00459B2F
                                                • Part of subcall function 004586A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004691D4,?,00000000,00000000), ref: 004586C4
                                              APIs
                                                • Part of subcall function 0045AE6C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0045AE8E
                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 0045AFDF
                                                • Part of subcall function 0045FA44: NtTerminateProcess.NTDLL(0045AFC4,00000000), ref: 0045FAA7
                                              APIs
                                                • Part of subcall function 0045B5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 0045B629
                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,2AD8ADAB), ref: 0045AC16
                                              APIs
                                              • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 0046132B
                                              APIs
                                              • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 0045BA6B
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0045AE8E
                                                • Part of subcall function 0045B5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 0045B629
                                                • Part of subcall function 0045B6A4: NtClose.NTDLL(00000000), ref: 0045B795
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 0045D547
                                              APIs
                                              • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,0045B649,?,00000400), ref: 00458717
                                              APIs
                                              • RtlFreeHeap.NTDLL(?,00000000,00000000,?,00469264,00000000), ref: 004586EC
                                              APIs
                                              • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004691D4,?,00000000,00000000), ref: 004586C4
                                              APIs
                                              • CheckTokenMembership.KERNELBASE(00000000,0045D2EC,?), ref: 0045D30D
                                              APIs
                                              • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 0045C29B
                                              Similarity
                                              • API ID: DriveLogicalStrings
                                              • String ID:
                                              • API String ID: 2022863570-0
                                              • Opcode ID: 3296f354bfdc8800932a14eac1477bcb2d73608c7430651e2bcc76e257e218cc
                                              • Instruction ID: f4e410bd69cd6f8866bd414e569d4d03af59868ddae18b17d31ece75923baaf7
                                              • Opcode Fuzzy Hash: 3296f354bfdc8800932a14eac1477bcb2d73608c7430651e2bcc76e257e218cc
                                              • Instruction Fuzzy Hash: 63C09236004208EFCB019FC8EC08C85BFEAEB18700740C061F6084B532CB32E860EFA9
                                              APIs
                                              • GetDriveTypeW.KERNELBASE(?), ref: 0045BFD6
                                              Similarity
                                              • API ID: DriveType
                                              • String ID:
                                              • API String ID: 338552980-0
                                              • Opcode ID: 5f8214d1cab96de16edf5e0ea88603a133fd5cdfd5a0f62fa5c92016ec475f82
                                              • Instruction ID: 85130f2238c42bd6d16ad96bac924b1cdba77b90c1bf2d1762c04be71913e0e6
                                              • Opcode Fuzzy Hash: 5f8214d1cab96de16edf5e0ea88603a133fd5cdfd5a0f62fa5c92016ec475f82
                                              • Instruction Fuzzy Hash: F4B0123100810CB7C7005B41EC04C457F1CE7106907404031F50C80520973254619698
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bd3b502aa025a143df8f946cd9ce7fbb7420fb4550f99ccc4abf7550eb43b08
                                              • Instruction ID: 6a23415a369ee61e4f8cf64198e1c8caa1e97737ace4acc5dcf62ffbfacbd2b1
                                              • Opcode Fuzzy Hash: 7bd3b502aa025a143df8f946cd9ce7fbb7420fb4550f99ccc4abf7550eb43b08
                                              • Instruction Fuzzy Hash: 44E14176A11E078BD718CF18E8E0735B3A2FB99341F498539CA4987B66C375F960CB84
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 54487e00f0bf78107dcbe1c6800373d0229f5c313278b0d66e64a2483771f4a8
                                              • Instruction ID: 50bd8f991007b0e22115e4d2ab27f6b12a540cfa15a28858cf8b36aec0f4d4d7
                                              • Opcode Fuzzy Hash: 54487e00f0bf78107dcbe1c6800373d0229f5c313278b0d66e64a2483771f4a8
                                              • Instruction Fuzzy Hash: A6D13076E21A4A8BC714CF98ECE0BBAB372FB88305F098538CB1597752C634E950CB54
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dd21764ff4bb1524acf1455533993e384d80da851307338f5c34217e24f0eb04
                                              • Instruction ID: 8a4af105fd0c3d86c7c558e15f7af951a52e7cb30c260a4e8640f86b8d1030ad
                                              • Opcode Fuzzy Hash: dd21764ff4bb1524acf1455533993e384d80da851307338f5c34217e24f0eb04
                                              • Instruction Fuzzy Hash: 69A14AB4501205CBEB18DF15C91175B7BA2FB85309F24C46FE8068B3A1EB7E8852CF5A
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4b4ae5349aac36441dd3ac0233a1ac784a3375e58a3900e5acfb47e569883507
                                              • Instruction ID: 8aa13c44050f2e355b8892d52f45b0916f17c1938a40efd61d732a6663af4c46
                                              • Opcode Fuzzy Hash: 4b4ae5349aac36441dd3ac0233a1ac784a3375e58a3900e5acfb47e569883507
                                              • Instruction Fuzzy Hash: 643167B2A11A0A9BC328CF19C894A26F7B2FF99301755CA29C95DC3B52C334F850CB84
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                              • Instruction ID: bf44f4534b4979a09a819f194325c6de312f753b05295ebcc402db24dbc88e29
                                              • Opcode Fuzzy Hash: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                              • Instruction Fuzzy Hash: A2E04FBB20D3425FF928855174533A78387C380679E25849FE806DF6C0EF5BECA62449

                                              Execution Graph

                                              Execution Coverage:46.8%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:0.9%
                                              Total number of Nodes:213
                                              Total number of Limit Nodes:2

                                              Callgraph


                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2248301627.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2248260317.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2248329005.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2248351045.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2248375706.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_B875.jbxd
                                              Similarity
                                              • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect
                                              • String ID:
                                              • API String ID: 3548022523-0
                                              • Opcode ID: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                              • Instruction ID: 44f13d8dc4ada08d969f55db554330e9d88bd117b0c18836a0928b418f5903af
                                              • Opcode Fuzzy Hash: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                              • Instruction Fuzzy Hash: 89F0B724B651416AC500BFFB9947A0D6E2C6E8472BB50657EB0C1344E74D3C87009EAF

                                              Control-flow Graph

                                              APIs
                                              • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                                              • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                                              • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                                              • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                                              • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                                              • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                                              • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118
                                              Similarity
                                              • API ID: File$MemoryPointerVirtual$AllocateCloseCreateDeleteFreeWrite
                                              • String ID:
                                              • API String ID: 590822095-0
                                              • Opcode ID: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                              • Instruction ID: 1b8bdb635f3090c090aca30f1047892238d11e79f8ef36d2dcee79009cce4089
                                              • Opcode Fuzzy Hash: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                              • Instruction Fuzzy Hash: ED714871901209AFDB11CF90DD48BEEBB79FB08311F204266E511B62D4D3759E85CF99

                                              Control-flow Graph

                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 004032FB
                                              • GetDiskFreeSpaceW.KERNELBASE(?,?,?,00000000,00000000), ref: 00403313
                                              • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000,?), ref: 00403332
                                              • GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 00403375
                                              • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000), ref: 00403398
                                              • DeviceIoControl.KERNELBASE(000000FF,0009C040,00000000,00000002,00000000,00000000,?,00000000), ref: 004033CD
                                              Similarity
                                              • API ID: DiskFileFreeSpace$ControlCreateDeviceNamePriorityTempThread
                                              • String ID:
                                              • API String ID: 2011835681-0
                                              • Opcode ID: 229209989839885a3588f396d77e0cdc96e3fac898d9f41ca49139373efe7470
                                              • Instruction ID: c3badfffa75a89a0abcd59fd2fd34812244497566a58eab59887ac76a1f04a4a
                                              • Opcode Fuzzy Hash: 229209989839885a3588f396d77e0cdc96e3fac898d9f41ca49139373efe7470
                                              • Instruction Fuzzy Hash: D6510A71A01209AFDB00DF90DD49F9EBB79FF08700F2092A5E611BA2A1D730AE45DF95

                                              Control-flow Graph

                                              APIs
                                              • GetLogicalDriveStringsW.KERNELBASE(00000068,?), ref: 00403687
                                              Similarity
                                              • API ID: DriveLogicalStrings
                                              • String ID:
                                              • API String ID: 2022863570-0
                                              • Opcode ID: b400b6a985817d68bb33d17dbc945ad3f7ed75c1c6e1d9200f5b880ce86a855b
                                              • Instruction ID: 4dd69471dbc29d4f16846e3344e2d9633d6215cd74752d72760f366e6b0bc30a
                                              • Opcode Fuzzy Hash: b400b6a985817d68bb33d17dbc945ad3f7ed75c1c6e1d9200f5b880ce86a855b
                                              • Instruction Fuzzy Hash: 33815CB590160ADFDB10DF90D948BAFBB75FF08306F1086AAE511772A0D7399A41CF98

                                              Control-flow Graph

                                              APIs
                                              • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                                              • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                                              • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                                              • FindClose.KERNEL32(000000FF), ref: 00401660
                                              Similarity
                                              • API ID: Find$CloseFile$FirstNext
                                              • String ID: C:\Windows\System32\*.dll
                                              • API String ID: 1164774033-1305136377
                                              • Opcode ID: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                              • Instruction ID: b8f602421e8d3e3309feb9384621a56ef9d54da146c7d7394d3b11ea37959a12
                                              • Opcode Fuzzy Hash: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                              • Instruction Fuzzy Hash: 30418C71900608EFDB20AFA4DD48BAA77B4FB44325F608276E521BE1F0D7794A85DF48

                                              Control-flow Graph

                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00403488
                                              • WriteFile.KERNELBASE(?,?,?,?,?), ref: 0040350E
                                              • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000), ref: 004035EA
                                              • SetEndOfFile.KERNELBASE(?), ref: 004035F6
                                              • NtClose.NTDLL(?), ref: 0040360E
                                              Similarity
                                              • API ID: File$ClosePointerPriorityThreadWrite
                                              • String ID:
                                              • API String ID: 2296109371-0
                                              • Opcode ID: 0fcde9d867e2c8e00a33e5a4b04594799b7cacc31207ed4f9c9132c7825b27dd
                                              • Instruction ID: 02d7b4ff8a3576d09fe5cde13513df6eb5b6ce77b27be8b8a28bc97f0a3a62b9
                                              • Opcode Fuzzy Hash: 0fcde9d867e2c8e00a33e5a4b04594799b7cacc31207ed4f9c9132c7825b27dd
                                              • Instruction Fuzzy Hash: E75128B1101601EBDB10CF50DD84B577BB8FF08305F2052AAE905AE2A6D379DE95CF89

                                              Control-flow Graph

                                              APIs
                                              • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                                              • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                                              • NtClose.NTDLL(000000FF), ref: 004027FF
                                              Similarity
                                              • API ID: File$CloseCreateRead
                                              • String ID:
                                              • API String ID: 1419693385-0
                                              • Opcode ID: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                              • Instruction ID: da411bd40fb0d6d878d2d447c4e829303a7e8bd202b0d35ae7576ead56d2946b
                                              • Opcode Fuzzy Hash: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                              • Instruction Fuzzy Hash: CA211A35601209EBDB10CF94DD89B9EBB75FF08310F2082A5A510AB2E1D7719E51DF94

                                              Control-flow Graph

                                              APIs
                                              • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                                              • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                                              • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5
                                              Similarity
                                              • API ID: InformationProcess
                                              • String ID:
                                              • API String ID: 1801817001-0
                                              • Opcode ID: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                              • Instruction ID: 48adbd17ca007e7691ff2066b81a5959555298f4bd9a539b6f325b5cfe831ef7
                                              • Opcode Fuzzy Hash: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                              • Instruction Fuzzy Hash: 2BF0F871141610EBEB15DB84DDC9F9637A8FB09720F2403A1F2319E1E6D3B0A484CF96

                                              Control-flow Graph

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-3916222277
                                              • Opcode ID: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                              • Instruction ID: 836d3446d31acb3b31e0b6cd8f4ee088cd02c28435d2c0c4ff934eaabbb3754d
                                              • Opcode Fuzzy Hash: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                              • Instruction Fuzzy Hash: 72F03176500109ABDB00CF95D988BDFB7BCEB44324F2042A9EA14A72D1D7355E458B94

                                              Control-flow Graph

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                              • Instruction ID: ad4b5e7ce53ce887a57ee0cc443bca07838dd3003dcb7b2c4dfa2ad75add82e8
                                              • Opcode Fuzzy Hash: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                              • Instruction Fuzzy Hash: E3416031904204DADF10EF58C884B9AB7A4FF05314F14C1BAE919EF2E6D7788A41CB6A
                                              APIs
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                                              Similarity
                                              • API ID: FileFindFirst
                                              • String ID:
                                              • API String ID: 1974802433-0
                                              • Opcode ID: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                              • Instruction ID: 55f0629c3eadcc188d8749e42e063c0b49bca1bc4f8f265f590f61ae6da82bee
                                              • Opcode Fuzzy Hash: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                              • Instruction Fuzzy Hash: BBF0C974902608EFDB10DF94CD49B9DFBB4EB48310F2082A5A918AB2A0D7715E91CF84
                                              APIs
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: aa114f1ee830f8e65f17497400cb821732dd9855ab7f2e9336f62d107f04939d
                                              • Instruction ID: 11feaedc7804a35758cc3de20cdbd9b5fdb1a8219b2693dc5a4dcc1aa8dfa6ad
                                              • Opcode Fuzzy Hash: aa114f1ee830f8e65f17497400cb821732dd9855ab7f2e9336f62d107f04939d
                                              • Instruction Fuzzy Hash: A9F03931241A01EBD7109F85ED85F577B28FF54701F2092BAA6003A2A1C771AC80CF8D
                                              APIs
                                              • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB
                                              Similarity
                                              • API ID: InformationThread
                                              • String ID:
                                              • API String ID: 4046476035-0
                                              • Opcode ID: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                              • Instruction ID: 482b214da63c1bafeb7c1bb62a0bbbc62c262419b9af6fea3894fce228737229
                                              • Opcode Fuzzy Hash: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                              • Instruction Fuzzy Hash: FEE05E329A020DAFD710DB50DC45FBB376DEB55311F508236B5029A1E0D6B8F891DA98

                                              Control-flow Graph

                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 004032FB
                                              • GetDiskFreeSpaceW.KERNELBASE(?,?,?,00000000,00000000), ref: 00403313
                                              • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000,?), ref: 00403332
                                              • GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 00403375
                                              • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000), ref: 00403398
                                              • DeviceIoControl.KERNELBASE(000000FF,0009C040,00000000,00000002,00000000,00000000,?,00000000), ref: 004033CD
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2248301627.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2248260317.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2248329005.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2248351045.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2248375706.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_B875.jbxd

                                              Control-flow Graph

                                              control_flow_graph 236 401b70-401b9f RtlCreateHeap 237 401ba1 236->237 238 401ba6-401bc4 RtlCreateHeap 236->238 239 401d8a-401d90 237->239 240 401bc6 238->240 241 401bcb-401be7 238->241 240->239 243 401be9 241->243 244 401bee-401c05 call 401a40 241->244 243->239 247 401c07 244->247 248 401c0c-401c3d 244->248 247->239 251 401c44-401c5b call 401a40 248->251 252 401c3f 248->252 255 401c62-401c93 251->255 256 401c5d 251->256 252->239 259 401c95 255->259 260 401c9a-401cb1 call 401a40 255->260 256->239 259->239 263 401cb3 260->263 264 401cb8-401ce9 260->264 263->239 267 401cf0-401d07 call 401a40 264->267 268 401ceb 264->268 271 401d09 267->271 272 401d0b-401d3c 267->272 268->239 271->239 275 401d40-401d57 call 401a40 272->275 276 401d3e 272->276 279 401d59 275->279 280 401d5b-401d80 call 401d94 call 401dc2 275->280 276->239 279->239 283 401d83 280->283 283->239
                                              APIs
                                              • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                                              • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB

                                              Control-flow Graph

                                              control_flow_graph 286 4022dc-40232e 290 402330 286->290 291 402335-402347 GetShortPathNameW 286->291 292 402483-402487 290->292 293 402349-402359 291->293 294 40235e-402380 291->294 295 402495-402499 292->295 296 402489-40248f 292->296 293->292 304 402382 294->304 305 402387-402425 294->305 298 4024a7-4024ab 295->298 299 40249b-4024a1 295->299 296->295 301 4024b9-4024bf 298->301 302 4024ad-4024b3 298->302 299->298 302->301 304->292 311 402427 305->311 312 402429-402481 ShellExecuteW 305->312 311->292 312->292
                                              APIs
                                              • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340

                                              Control-flow Graph

                                              control_flow_graph 349 4026c0-4026e5 call 4024f8 351 402730-402734 349->351 352 4026e7-402709 CreateFileW 349->352 354 402742-402746 351->354 355 402736-40273c 351->355 352->351 353 40270b-402727 ReadFile 352->353 353->351 356 402729 353->356 357 402754-40275a 354->357 358 402748-40274e 354->358 355->354 356->351 358->357
                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                                              • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722

                                              Control-flow Graph

                                              control_flow_graph 360 401a40-401a5a 361 401a5d-401a77 RtlAllocateHeap 360->361 362 401a85-401a94 call 401e78 361->362 363 401a79-401a82 361->363 366 401ac5-401ac8 362->366 367 401a96-401ac0 call 401e78 362->367 369 401af6-401af9 366->369 370 401aca-401af4 call 401e78 366->370 375 401b4d-401b55 367->375 373 401b11-401b14 369->373 374 401afb-401b0f 369->374 370->375 377 401b16-401b2a 373->377 378 401b2c-401b2f 373->378 374->375 375->361 380 401b5b-401b6b 375->380 377->375 378->375 379 401b31-401b47 378->379 379->375
                                              APIs
                                              • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                                              APIs
                                              • CreateDirectoryW.KERNELBASE(00000000,00000000), ref: 00402227
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00003478,00000000,00000000,00000000), ref: 004031A2
                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                                              APIs
                                              • RtlFreeHeap.NTDLL(?,00000000,?), ref: 0040211F
                                              APIs
                                              • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7