Windows Analysis Report
9gGB296kd4.exe

Overview

General Information

Sample name: 9gGB296kd4.exe
renamed because original name is a hash value
Original sample name: eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12.exe
Analysis ID: 1461967
MD5: 448f1796fe8de02194b21c0715e0a5f6
SHA1: 935c0b39837319fda571aa800b67d997b79c3198
SHA256: eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
Tags: BlackMatter, braincipher, exe

Detection

LockBit ransomware
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
AI detected suspicious sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Hides threads from debuggers
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Overwrites Mozilla Firefox settings
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Enables security privileges
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 9gGB296kd4.exe (PID: 4508 cmdline: "C:\Users\user\Desktop\9gGB296kd4.exe" MD5: 448F1796FE8DE02194B21C0715E0A5F6)
    • C344.tmp (PID: 6020 cmdline: "C:\ProgramData\C344.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 2292 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C344.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
9gGB296kd4.exe | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
9gGB296kd4.exe | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
    • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
Source | Rule | Description | Author | Strings
00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
      • 0x7f571:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
      • 0x67410:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
        • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
        • 0xbc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
Source | Rule | Description | Author | Strings
0.0.9gGB296kd4.exe.150000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
0.0.9gGB296kd4.exe.150000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
0.2.9gGB296kd4.exe.150000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
0.2.9gGB296kd4.exe.150000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
              • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
              • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
0.3.9gGB296kd4.exe.1726f54.0.raw.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: 9gGB296kd4.exe | Avira: detected
Source: 9gGB296kd4.exe | ReversingLabs: Detection: 86%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 9gGB296kd4.exe | Joe Sandbox ML: detected
Source: 9gGB296kd4.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\9gGB296kd4.exe | File created: C:\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1234978473\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1191663050\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\edge_BITS_6440_1090636871\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Publishers\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: 9gGB296kd4.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_00155C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00155C24
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015A094 FindFirstFileExW,FindClose,0_2_0015A094
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001574BC FindFirstFileExW,FindNextFileW,0_2_001574BC
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_00157590 FindFirstFileExW,FindClose,0_2_00157590
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_0015766C
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_0015F308
                Source: C:\ProgramData\C344.tmp Code function: 4_2_0040227C FindFirstFileExW,4_2_0040227C
                Source: C:\ProgramData\C344.tmp Code function: 4_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,4_2_0040152C
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015A470 GetLogicalDriveStringsW,0_2_0015A470
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\

                Networking

                Source: 9gGB296kd4.exe, 00000000.00000003.2175732392.0000000001599000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: 9gGB296kd4.exe, 00000000.00000003.2286125360.0000000001597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt447.0.dr String found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt125.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt537.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt80.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt162.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt38.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt23.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt406.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt452.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt309.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt446.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt86.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt9.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt228.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt320.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt469.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt423.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt337.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt440.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt491.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt323.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt534.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt89.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt158.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt123.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt245.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt396.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt460.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt94.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt246.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt294.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt351.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt404.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt36.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt177.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt432.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt422.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt344.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt489.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt154.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt110.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt90.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt6.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt1.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt193.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt285.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt417.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt54.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt306.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt374.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt480.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt97.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt24.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt416.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt527.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt92.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt443.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt475.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt518.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt49.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt413.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt42.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt114.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt484.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt532.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt74.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt60.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt236.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt451.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt59.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt487.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt435.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt118.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt14.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt247.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt11.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt458.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt365.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt57.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt73.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt83.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt138.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt232.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt502.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt166.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt200.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt481.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt224.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt207.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt156.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt153.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt126.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt234.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt182.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt163.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt536.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt330.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt539.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt145.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt353.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt199.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt500.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt30.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt267.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt318.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt104.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt165.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt194.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt173.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt485.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt215.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt8.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt21.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt465.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt237.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt190.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt210.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt266.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt431.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt401.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt81.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt456.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt217.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt363.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt425.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt476.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt109.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt50.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt29.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt498.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt239.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt235.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt530.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt47.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt216.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt167.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt321.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt105.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt355.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt332.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt391.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt419.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt67.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt467.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt101.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt147.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt272.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt497.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt280.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt124.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt256.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt150.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt296.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt241.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: sYMY1N6ah.README.txt348.0.drString found in binary or memory: 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: 9gGB296kd4.exe, 00000000.00000003.2175732392.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2286125360.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2162645721.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2171438303.0000000001598000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2287974115.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2162285423.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2177910991.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2190452097.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2190237475.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2283829520.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2171750768.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2306049700.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2177091774.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2181077235.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2092919015.0000000001566000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2162061783.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000002.2382687666.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2294109208.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2302939548.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 
9gGB296kd4.exe, 00000000.00000003.2284808338.0000000001597000.00000004.00000020.00020000.00000000.sdmp, sYMY1N6ah.README.txt447.0.dr String found in binary or memory: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://allegro.pl/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bugzilla.mo
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
                Source: 9gGB296kd4.exe, 00000000.00000003.2271160486.00000000017CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/d42b5e35-3f2e-431b-8cd2-520
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/eec4177f-7316-4582-b718-3403a
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/4021496d-cb04-4a5b-bf58-d08e6
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/9960b9ae-8cf1-45ac-9f50-58f36
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/newtab/1/e91526c8-8514-429f-825c-8cca9
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/8d6f5212-230d-4e97-91ef-b5
                Source: 9gGB296kd4.exe, 00000000.00000003.2272329056.00000000015DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/ae191358-d70d-4da6-a09b-6f
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.0000000001699000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.000000000163C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefox
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://weibo.com/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.ca/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.co.uk/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.de/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.fr/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.0000000001699000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon-196x196.2af054fea211.png
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.000000000163C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon.d25d81d39065.icox
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: 9gGB296kd4.exe, 00000000.00000003.2274661878.00000000015E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/protocol/img/logos/firefox/browser/logo.eb1324e44442.svg
                Source: 9gGB296kd4.exe, 00000000.00000003.2275287291.00000000015F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/protocol/img/logos/mozilla/logo-word-hor.e20791bb4dd4.svg
                Source: 9gGB296kd4.exe, 00000000.00000003.2089932502.00000000016A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
                Source: 9gGB296kd4.exe, 00000000.00000003.2175732392.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2286125360.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2162645721.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2171438303.0000000001598000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2287974115.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2162285423.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2092057915.0000000001566000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2177910991.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2190452097.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2190237475.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2283829520.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2171750768.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2306049700.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2177091774.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2084349267.0000000001578000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2181077235.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2092919015.0000000001566000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2162061783.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2089780860.0000000001566000.00000004.00000020.00020000.00000000.sdmp, 
9gGB296kd4.exe, 00000000.00000002.2382687666.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2294109208.0000000001597000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.torproject.org/download/)
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
                Source: 9gGB296kd4.exe, 00000000.00000003.2094237410.000000000168C000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2094319695.0000000001694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/

                Spam, unwanted Advertisements and Ransom Demands

                Source: C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\sYMY1N6ah.README.txt Dropped file: ***Welcome to Brain Cipher Ransomware!*** Dear managers! If you're reading this, it means your systems have been hacked and encrypted and your data stolen. *** The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours. In order for it to be successful, you must follow a few points: 1. Don't go to the police, etc. 2. Do not attempt to recover data on your own. 3. Do not take the help of third-party data recovery companies. In most cases, they are scammers who will pay us a ransom and take a for themselves. *** If you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. Download and install Tor Browser (https://www.torproject.org/download/) 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. Enter your encryption ID: M8AL5cWJEU5CnMMPwCdt4x9NVn0ZY2uNtIgnKwkDJwdPbnanVROYFzGmgUCImexTGDmINYgSZXdlhM7D199lNMb294TGY2 Email to support: brain.support@cyberfear.com
                Source: Yara match, File source: 9gGB296kd4.exe, type: SAMPLE
                Source: Yara match, File source: 0.0.9gGB296kd4.exe.150000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.9gGB296kd4.exe.150000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.3.9gGB296kd4.exe.1726f54.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File moved: C:\Users\user\Desktop\FACWLRWHGG.xlsx
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File moved: C:\Users\user\Desktop\IVHSHTCODI\ZSSZYEFYMU.mp3
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File moved: C:\Users\user\Desktop\XQACHMZIHU.xlsx
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File moved: C:\Users\user\Desktop\IVHSHTCODI.xlsx
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File moved: C:\Users\user\Desktop\TTCBKWZYOC.pdf
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File dropped: C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\sYMY1N6ah.README.txt -> encrypted and your data stolen. *** the most proper way to safely recover your data is through our support. we can recover your systems within 4-6 hours. in order for it to be successful, you must follow a few points: 1. don't go to the police, etc. 2. do not attempt to recover data on your own. 3. do not take the help of third-party data recovery companies. in most cases, they are scammers who will pay us a ransom and take a for themselves. *** if you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. download and install tor browser (https://www.torproject.org/download/) 2. go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. enter your encryption id: m8al5cwjeu5cnmmpwcdt4x9nvn0zy2unti
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File dropped, with the same note text, at each of the following paths:
                C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txt
                C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\AmzoeEr.sYMY1N6ah entropy: 7.99483373918Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\XliX2AI.sYMY1N6ah entropy: 7.99472175491Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\u0EpDSq.sYMY1N6ah entropy: 7.99477341109Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\RNgbCos.sYMY1N6ah entropy: 7.99450393604Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\uM6ypVl.sYMY1N6ah entropy: 7.99585729492Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\hrfUrQa.sYMY1N6ah entropy: 7.99430385871Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\zqaxk91.sYMY1N6ah entropy: 7.9945618681Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\lZs5mFo.sYMY1N6ah entropy: 7.99506867715Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\WA3OYdR.sYMY1N6ah entropy: 7.99519000116Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Jeeic48.sYMY1N6ah entropy: 7.99545419942Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\9DMy04w.sYMY1N6ah entropy: 7.99522874537Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\5uTAc8S.sYMY1N6ah entropy: 7.99553549703Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\QglPwrf.sYMY1N6ah entropy: 7.99460339164Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\uplF2kE.sYMY1N6ah entropy: 7.99333510941Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\xbR1WRJ.sYMY1N6ah entropy: 7.995712493Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\D0R51Yg.sYMY1N6ah entropy: 7.99538385567Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\vpjgWJ0.sYMY1N6ah entropy: 7.99473301409Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\6EdNVx8.sYMY1N6ah entropy: 7.99448579884Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\hgvbiuc.sYMY1N6ah entropy: 7.99523734472Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\HGHJN5b.sYMY1N6ah entropy: 7.99471246512Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\iDKhdb3.sYMY1N6ah entropy: 7.99460857671Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\q1c43nI.sYMY1N6ah entropy: 7.99509256322Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\F1g3mdr.sYMY1N6ah entropy: 7.99469694135Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\0666I8Y.sYMY1N6ah entropy: 7.99526810208Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\yTgHu1O.sYMY1N6ah entropy: 7.99462675911Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\PoqqjZU.sYMY1N6ah entropy: 7.99510286764Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Ae3UiPh.sYMY1N6ah entropy: 7.99540020224Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\PpDqSGg.sYMY1N6ah entropy: 7.99578859319Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\uyZhN5o.sYMY1N6ah entropy: 7.99479789592Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\p6Q9pnM.sYMY1N6ah entropy: 7.99633069261Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\9d4ZYJU.sYMY1N6ah entropy: 7.9949489691Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\G0MmRxX.sYMY1N6ah entropy: 7.99646871371Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\90HcYlf.sYMY1N6ah entropy: 7.9937019783Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\Fg8Fmg0.sYMY1N6ah entropy: 7.99548504851Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3mt98Zy.sYMY1N6ah entropy: 7.99446034738Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\Owx9bgg.sYMY1N6ah entropy: 7.99455976476Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\e7BsBcA.sYMY1N6ah entropy: 7.99758433742Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\HHd0Juh.sYMY1N6ah entropy: 7.99045580332Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\q3AYTpr.sYMY1N6ah entropy: 7.99026250504Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\6Je8jpg.sYMY1N6ah entropy: 7.99688986512Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\yW0rnhx.sYMY1N6ah entropy: 7.99167424814Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\H2nDQtS.sYMY1N6ah entropy: 7.99569743922Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed\2IUB8g1.sYMY1N6ah entropy: 7.99484094494Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\EjN1Tv7.sYMY1N6ah entropy: 7.99930054549Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\stiLb8O.sYMY1N6ah entropy: 7.99934931564Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ka0jh48.sYMY1N6ah entropy: 7.99317740429Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\oEobBy0.sYMY1N6ah entropy: 7.99939479106Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\ptDt5cs.sYMY1N6ah entropy: 7.99922813903Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\Cl9nV1f.sYMY1N6ah entropy: 7.99927331765Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\cwd6j1h.sYMY1N6ah entropy: 7.99927154636Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\UYwekms.sYMY1N6ah entropy: 7.99441275686Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\ibZxCTa.sYMY1N6ah entropy: 7.9912510428Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\2ofIH2E.sYMY1N6ah entropy: 7.9982080352Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Ggw053u.sYMY1N6ah entropy: 7.99497317461Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\vgHycHX.sYMY1N6ah entropy: 7.99484596931Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\JRMW2MO.sYMY1N6ah entropy: 7.99502841455Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\N2CUQpr.sYMY1N6ah entropy: 7.99469657649Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\KQHk1pG.sYMY1N6ah entropy: 7.99522226645Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\OSM4mzh.sYMY1N6ah entropy: 7.99520511244Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\HHvc529.sYMY1N6ah entropy: 7.99508840492Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\o7oH2vK.sYMY1N6ah entropy: 7.99537591178Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\dcu3tk2.sYMY1N6ah entropy: 7.99467290604Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\15WWehB.sYMY1N6ah entropy: 7.99511584814Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\QgOh9Dg.sYMY1N6ah entropy: 7.99967272639Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\PS6xfWz.sYMY1N6ah entropy: 7.99970951322Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\SVyqJjM.sYMY1N6ah entropy: 7.99965467324Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\l7PWZgN.sYMY1N6ah entropy: 7.99518772201Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\k7Av8cF.sYMY1N6ah entropy: 7.99966219999Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\XYTFbKn.sYMY1N6ah entropy: 7.99723817021Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\rSJQJPD.sYMY1N6ah entropy: 7.99462723254Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\S6p5hhH.sYMY1N6ah entropy: 7.99918771657Jump to dropped file
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\ilT5g4B.sYMY1N6ah entropy: 7.99885726288Jump to dropped file
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\9gGB296kd4.exe, entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\AAAAAAAAAAAAAA (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\BBBBBBBBBBBBBB (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\CCCCCCCCCCCCCC (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\DDDDDDDDDDDDDD (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\EEEEEEEEEEEEEE (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\FFFFFFFFFFFFFF (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\GGGGGGGGGGGGGG (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\HHHHHHHHHHHHHH (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\IIIIIIIIIIIIII (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\JJJJJJJJJJJJJJ (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\KKKKKKKKKKKKKK (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\LLLLLLLLLLLLLL (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\MMMMMMMMMMMMMM (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\NNNNNNNNNNNNNN (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\OOOOOOOOOOOOOO (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\PPPPPPPPPPPPPP (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\QQQQQQQQQQQQQQ (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\RRRRRRRRRRRRRR (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\SSSSSSSSSSSSSS (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\TTTTTTTTTTTTTT (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\UUUUUUUUUUUUUU (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\VVVVVVVVVVVVVV (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\WWWWWWWWWWWWWW (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy), entropy: 7.9969991335
                Source: C:\ProgramData\C344.tmp, File created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy), entropy: 7.9969991335

                System Summary

                Source: 9gGB296kd4.exe, type: SAMPLE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: 0.0.9gGB296kd4.exe.150000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: 0.2.9gGB296kd4.exe.150000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: 0.3.9gGB296kd4.exe.1726f54.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: 00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: 00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Lockbit_369e1e94, Author: unknown
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00167034 KiUserCallbackDispatcher,CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015B444 NtSetInformationThread
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015B470 NtProtectVirtualMemory
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015DC60 NtTerminateProcess
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00159880 NtClose
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_001604B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015E1E8 CreateThread,NtClose
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00157E58 NtQuerySystemInformation,Sleep
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015B674 NtQueryInformationToken
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015DE78 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00156668 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015B734 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00158F68 RtlAdjustPrivilege,NtSetInformationThread
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_001597D8 NtQuerySystemInformation
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015B3C0 NtSetInformationThread,NtClose
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00159811 NtQuerySystemInformation
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015982A NtQuerySystemInformation
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00157E8A NtQuerySystemInformation,Sleep
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00157EA3 NtQuerySystemInformation,Sleep
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00158F66 RtlAdjustPrivilege,NtSetInformationThread
                Source: C:\ProgramData\C344.tmp, Code function: 4_2_00402760 CreateFileW,ReadFile,NtClose
                Source: C:\ProgramData\C344.tmp, Code function: 4_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess
                Source: C:\ProgramData\C344.tmp, Code function: 4_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW
                Source: C:\ProgramData\C344.tmp, Code function: 4_2_00401DC2 NtProtectVirtualMemory
                Source: C:\ProgramData\C344.tmp, Code function: 4_2_00401D94 NtSetInformationThread
                Source: C:\ProgramData\C344.tmp, Code function: 4_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_0015A68C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_001580B8
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_001520AC
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00154D03
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00154D08
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_00155218
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Process token adjusted: Security
                Source: 9gGB296kd4.exe, 00000000.00000003.2294109208.0000000001597000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamesvchost.exe.muij% vs 9gGB296kd4.exe
                Source: 9gGB296kd4.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 9gGB296kd4.exe, type: SAMPLE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: 0.0.9gGB296kd4.exe.150000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: 0.2.9gGB296kd4.exe.150000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: 0.3.9gGB296kd4.exe.1726f54.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: 00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: 00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Ransomware_Lockbit_369e1e94, reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                Source: classification engineClassification label: mal100.rans.phis.spyw.evad.winEXE@6/1158@0/0
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\sYMY1N6ah.README.txtJump to behavior
                Source: C:\ProgramData\C344.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5876:120:WilError_03
                Source: C:\Users\user\Desktop\9gGB296kd4.exeMutant created: \Sessions\1\BaseNamedObjects\Global\fd4c3fa3c63bf4363270a4a5cdf05ad5
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: 9gGB296kd4.exeReversingLabs: Detection: 86%
                Source: unknownProcess created: C:\Users\user\Desktop\9gGB296kd4.exe "C:\Users\user\Desktop\9gGB296kd4.exe"
                Source: C:\Users\user\Desktop\9gGB296kd4.exeProcess created: C:\ProgramData\C344.tmp "C:\ProgramData\C344.tmp"
                Source: C:\ProgramData\C344.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C344.tmp >> NUL
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: wtsapi32.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: rstrtmgr.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: netapi32.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: wkscli.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: samcli.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: logoncli.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: activeds.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: adsldpc.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: gpedit.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: dssec.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: dsuiext.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: framedynos.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: dsrole.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: ntdsapi.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: authz.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: version.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: adsldp.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: sxs.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Section loaded: wldp.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: apphelp.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: rstrtmgr.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: ncrypt.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: ntasn1.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: windows.storage.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: wldp.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: kernel.appcore.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: uxtheme.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: propsys.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: profapi.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: edputil.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: urlmon.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: iertutil.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: srvcli.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: netutils.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: windows.staterepositoryps.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: sspicli.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: wintypes.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: appresolver.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: bcp47langs.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: slc.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: userenv.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: sppc.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: onecorecommonproxystub.dll
                Source: C:\ProgramData\C344.tmp, Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, File written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.ini
                Source: 9gGB296kd4.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: 9gGB296kd4.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: 9gGB296kd4.exe Static PE information: real checksum: 0x31a7e should be: 0x2fd64
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_00176047 push FFFFFF9Ch; retf 0_2_0017604F
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015356B push 0000006Ah; retf 0_2_00153644
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001535D5 push 0000006Ah; retf 0_2_00153644
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001535D3 push 0000006Ah; retf 0_2_00153644
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001561EE push esp; retf 0_2_001561F6
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File created: C:\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File created: C:\Users\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File created: C:\Users\user\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\sYMY1N6ah.README.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\sYMY1N6ah.README.txtJump to behavior

                Hooking and other Techniques for Hiding and Protection

                Source: C:\ProgramData\C344.tmp, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C344.tmp >> NUL
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Code function: 0_2_001591C8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_001591C8
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\9gGB296kd4.exe, Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                Source: C:\ProgramData\C344.tmp, Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                Source: C:\ProgramData\C344.tmp, Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                Source: C:\ProgramData\C344.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                Source: C:\ProgramData\C344.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                Source: C:\ProgramData\C344.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                Source: C:\ProgramData\C344.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
                Source: C:\ProgramData\C344.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001510BC 0_2_001510BC
                Source: C:\ProgramData\C344.tmp Code function: 4_2_00401E28 4_2_00401E28
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001510BC rdtsc 0_2_001510BC
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_00155C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00155C24
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015A094 FindFirstFileExW,FindClose,0_2_0015A094
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001574BC FindFirstFileExW,FindNextFileW,0_2_001574BC
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_00157590 FindFirstFileExW,FindClose,0_2_00157590
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_0015766C
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_0015F308
                Source: C:\ProgramData\C344.tmp Code function: 4_2_0040227C FindFirstFileExW,4_2_0040227C
                Source: C:\ProgramData\C344.tmp Code function: 4_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,4_2_0040152C
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_0015A470 GetLogicalDriveStringsW,0_2_0015A470
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\
                Source: 9gGB296kd4.exe, 00000000.00000002.2382687666.000000000152E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Microsoft-Windows-Hyper-V-Guest-Drivers/Admink-
                Source: 9gGB296kd4.exe, 00000000.00000003.2119382077.000000000168C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
                Source: 9gGB296kd4.exe, 00000000.00000003.2127676083.0000000001638000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 10/04/2023 14:08:59.672EXCEL (0x145C)0x7E8Microsoft ExcelTelemetry Eventb7vzqMediumSendEvent {"EventName":"Office.System.SystemHealthMetadataDeviceConsolidated","Flags":33777031581908737,"InternalSequenceNumber":149,"Time":"2023-10-04T14:08:57.331Z","Rule":"120600.4","Contract":"Office.Legacy.Metadata","Data.ProcTypeText":"x64","Data.ProcessorCount":2,"Data.NumProcShareSingleCore":1,"Data.NumProcShareSingleCache":1,"Data.NumProcPhysCores":2,"Data.ProcSpeedMHz":2000,"Data.IsLaptop":false,"Data.IsTablet":false,"Data.RamMB":4096,"Data.PowerPlatformRole":1,"Data.SysVolSizeMB":50000,"Data.DeviceManufacturer":"VMWare, Inc.","Data.DeviceModel":"VMware20,1","Data.DigitizerInfo":0,"Data.SusClientId":"097C77FB-5D5D-4868-860B-09F4E5B50A53","Data.WindowsSqmMachineId":"92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","Data.ComputerSystemProductUuidHash":"LFm9Ltrk4S277wbAA8Obddw+Rm4=","Data.DeviceProcessorModel":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","Data.HasSpectreFix":true,"Data.BootDiskType":"SSD"}
                Source: 9gGB296kd4.exe, 00000000.00000003.2119382077.000000000168C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,1
                Source: C344.tmp, 00000004.00000002.2388675834.0000000000583000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&22
                Source: 9gGB296kd4.exe, 00000000.00000003.2322233483.00000000016A2000.00000004.00000020.00020000.00000000.sdmp, 9gGB296kd4.exe, 00000000.00000003.2337604458.00000000016A3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 9gGB296kd4.exe, 00000000.00000002.2382687666.0000000001580000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\9gGB296kd4.exe Thread information set: HideFromDebugger
                Source: C:\ProgramData\C344.tmp Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001510BC rdtsc 0_2_001510BC
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_00155A20 LdrLoadDll,0_2_00155A20
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Process token adjusted: Debug

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\9gGB296kd4.exe Memory written: C:\ProgramData\C344.tmp base: 401000
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Process created: C:\ProgramData\C344.tmp "C:\ProgramData\C344.tmp"
                Source: C:\ProgramData\C344.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C344.tmp >> NUL
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001510BC cpuid 0_2_001510BC
                Source: C:\ProgramData\C344.tmp Code function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,4_2_00403983
                Source: C:\Users\user\Desktop\9gGB296kd4.exe Code function: 0_2_001604B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_001604B4

                Lowering of HIPS / PFW / Operating System Security Settings

                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\sYMY1N6ah.README.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\sYMY1N6ah.README.txt

                Stealing of Sensitive Information

                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\ocRW7c8.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\4yRLXqv.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835635.a669692a-f9c9-42c0-a803-7b87d3ff5834.new-profile.jsonlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\59IE0p5.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\I2ZL1VW.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\b8f053a5-de16-4a2c-8120-1ab4aadd63e8
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\IwIIR9T.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\G0MmRxX.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\9d4ZYJU.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3mt98Zy.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840727.01c0ecdb-8e59-4210-95f1-0fd0406e84ad.event.jsonlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\search.json.mozlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\a2lbrMI.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ORwJ9J1.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\AlternateServices.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840708.3c7034d6-bc52-43bb-9a23-5da34ee205e0.health.jsonlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\previous.jsonlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\EcLd8XN.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\content-prefs.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\yQNgYYq.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\0SyGSJH.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\DbDu624.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\mxNMmus.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\Owx9bgg.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\3c7034d6-bc52-43bb-9a23-5da34ee205e0
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore.jsonlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835647.a83301c6-790b-49f3-adc7-55a855f7fe79.main.jsonlz4
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\PPwrpEC.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ytMJsbG.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\d9oQD2H.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\MDcpzUE.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\events
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\8zSrmWF.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\unNWrQ5.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\6q1ODe5.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\targeting.snapshot.json
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cFJUxjy.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\eRw0QHc.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\PsqVaNl.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\a83301c6-790b-49f3-adc7-55a855f7fe79
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\oaI4cDm.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\p6Q9pnM.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\Gg0amMm.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\2GmI7A8.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\.metadata-v2
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\RJtwXeH.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\u4qq9IH.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\8XGTzi9.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\2uqEY5R.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\NO91LAD.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\ls-archive.sqlite
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\VBRjSqx.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\M9kD4yT.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\containers.json
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\PpDqSGg.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\Gliz3OF.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sSzSWhO.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\6VuAN58.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\handlers.json
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extension-preferences.json
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\c6RPFKr.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite-shm
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\pkcs11.txt
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\43bb9a55-74a2-452e-8233-6899a7f737b0
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\Fg8Fmg0.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\iKwUGfx.sYMY1N6ah
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835649.b06d08be-79e8-4bfe-b6aa-988ea3d35cbd.first-shutdown.jsonlz4Jump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cUHyt9l.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\nqt1JQA.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\eLMv4UB.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\compatibility.iniJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\90HcYlf.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\q3AYTpr.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\B9X8kZb.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\HHd0Juh.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840748.a8c1f564-c2e2-4ef8-a85f-52a56488f193.main.jsonlz4Jump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqliteJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\DnxFSVN.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\JeJvTjS.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\oXip040.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\session-state.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\times.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\QslIvdC.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\times.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\7755ad51-2370-4623-9d21-15c89f2143dbJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426835643.9a3c31ca-35e4-421e-91e1-5f7b9bd27492.event.jsonlz4Jump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\EqbA7WC.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\1696426840727.86be03dd-6b03-42f5-89cd-4606f43d25ad.health.jsonlz4Jump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\state.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\ae04dde8-69a1-49f8-95f1-d533ed587ff6Jump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\iZR11xP.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\whQsWef.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqliteJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\xulstore.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4Jump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqliteJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\protections.sqliteJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sKnpIef.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-shmJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\shield-preference-experiments.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\4qo62rr.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\e7BsBcA.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\background-updateJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\k47Yr1b.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\Skf1FTJ.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\nMZX4Zh.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ExperimentStoreData.jsonJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\1ov7Tri.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\uyZhN5o.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\DV0qI5G.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\v3FJh8J.sYMY1N6ahJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\SiteSecurityServiceState.txtJump to behavior
                Source: C:\Users\user\Desktop\9gGB296kd4.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 112 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Browser Session Hijacking | 1 Proxy | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 5 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Indicator Removal | LSA Secrets | 121 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Behavior Graph
ID: 1461967
Sample: 9gGB296kd4.exe
Startdate: 24/06/2024
Architecture: WINDOWS
Score: 100

Signatures on the sample:
• Malicious sample detected (through community Yara rule)
• Antivirus / Scanner detection for submitted sample
• Multi AV Scanner detection for submitted file
• 5 other signatures

Process chain: 9gGB296kd4.exe started C344.tmp, which started cmd.exe, which started conhost.exe.

9gGB296kd4.exe
Dropped files:
• C:\Users\user\AppData\...\dcu3tk2.sYMY1N6ah, DOS
• C:\Users\user\AppData\...\RNgbCos.sYMY1N6ah, DOS
• C:\Users\user\AppData\...\KxJAe4y.sYMY1N6ah, DOS
• 167 other files (165 malicious)
Signatures:
• Found Tor onion address
• Contains functionality to detect hardware virtualization (CPUID execution measurement)
• Writes a notice file (html or txt) to demand a ransom
• 6 other signatures

C344.tmp
Dropped files:
• C:\Users\user\Desktop\ZZZZZZZZZZZZZZ (copy), data
• C:\Users\user\Desktop\YYYYYYYYYYYYYY (copy), data
• C:\Users\user\Desktop\XXXXXXXXXXXXXX (copy), data
• 24 other malicious files
Signatures:
• Contains functionality to detect hardware virtualization (CPUID execution measurement)
• Writes many files with high entropy
• Hides threads from debuggers
• Deletes itself after installation

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 9gGB296kd4.exe | 87% | ReversingLabs | Win32.Ransomware.Lockbit | |
| 9gGB296kd4.exe | 100% | Avira | BDS/ZeroAccess.Gen7 | |
| 9gGB296kd4.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                No contacted domains info
                No contacted IP infos
                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1461967
                Start date and time:2024-06-24 21:42:07 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 19s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:9
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:9gGB296kd4.exe
                renamed because original name is a hash value
                Original Sample Name:eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12.exe
                Detection:MAL
                Classification:mal100.rans.phis.spyw.evad.winEXE@6/1158@0/0
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 78
                • Number of non-executed functions: 6
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                • Report size getting too big, too many NtReadFile calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Report size getting too big, too many NtWriteFile calls found.
                • VT rate limit hit for: 9gGB296kd4.exe
                No simulations
                No context
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.578867274719237
                Encrypted:false
                SSDEEP:3:UEZEVhuhYKhR+MdwJVLMGWookWnzmbov389Ae:QSYKWTVzekWnSbm7e
                MD5:525D0DE8D319CF9B3A240AB91D3B9062
                SHA1:EAE27287F9F53585B5A063678C28F4FAE1FCCFFF
                SHA-256:29BF5327B9AA1784411C35B597EF8456CA415A484083EF72A1F009D9955B0805
                SHA-512:AA5B4A5F7F33EF6EF3E76A38194A1FDA5BAA27C90967F8D403AEF9EE945585573FBB76C70876D83BE8FDD408E7CECE1F32F208593D5640427CB60CAA1376D27B
                Malicious:false
                Reputation:low
                Preview:O....a.s.moP+......#..G.....t..C......Nl%..e.}.8Rk.E..T..-.p/85.q......!#.v.(..S.......QV.#d..........mN.........;..%..
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.590570956923317
                Encrypted:false
                SSDEEP:3:EGr57QlkgqjfVnWU7w/nhCeMNpGfxsf3G/ThwGj:N7Q+gqjVnWfbcCxZ7j
                MD5:957F67F12BE1078ED89755366A7B61DC
                SHA1:EAB6EB10CA20D014F9DE75ED0F351E9BE423DB1B
                SHA-256:28E96BE0CF01011FD5D49A55F1A703CEDAA8E27ABB005B74B90FB871065B639B
                SHA-512:345CD8BD3C8DC70ED29B2E54B24F31AD5CAB04EE34B4608CBD1A60C31B30FAAF45B39E7886E2B6CA9537B08398F0D0676F131BEAEFE302B1FB09FCB4C37075CF
                Malicious:false
                Preview:.Y..ER+.w.R...Z..}.1}.....c...n.....:..@sq-*......y...6.j...s.<m../0.:...V.I.?-.z)_.Tc....A..B_.[1.......%.!w. ...n......;.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.631230743728252
                Encrypted:false
                SSDEEP:3:n0B4gbF9HW9px8GWihsqJ4+CxEiMLTQAY2k3zBhYK8Mb6pldxdn:zEb29px8SPJz/LkAbatpEL5
                MD5:4062D3207AA37586E618F8908B65D34A
                SHA1:CA6D3F67597F1DEF01AB8EB93AC47A497AB297CF
                SHA-256:37E08D79D09927EDD0C09C7DA3C6D1A5FA21648C2ABFE44BF71D909A2211FFB9
                SHA-512:ADA288594C314FDEC0CC77D61E56A6333839557F8A724440A986CD48A15DE2D51C8F8DB6702DE67B3602B3D157505EE086230E82F9F642E1B1220D35DB908D65
                Malicious:false
                Preview:........@......].I..:..d...A;..ST.c*.qmeF.......Z...Q.<kn.>.....X..3`3.T~.%......O..hF.....}.T...$.5.}*>...)>...L.2...8
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):129
                Entropy (8bit):6.580918922056369
                Encrypted:false
                SSDEEP:3:c+ysq3ZJsoKwiEU3N6qAlxS6mPLM5scUJLsmXQI+:clZi2uohlxELlcUFs/x
                MD5:4371C2F36B4D15050569FB697DF27919
                SHA1:FB06F4C83E521667459964818F81F8565F291332
                SHA-256:177802F59FF9C92E70247F1D29FC4A7E8F5C8D24988DB312E363DA84930B2BA2
                SHA-512:CE0D248D844D9A85B281AAD694BA0D8BF19C89B3E6C3D0557B359C28A720899B2B2713FC455DB6A8BBAB735A442736D55FC22D68EA189CA4119AE86503844C67
                Malicious:false
                Preview:Bf@|... G.....!.....K.h..G.*....M.>.....+....0'.Ei.c..B..1...^a@...&....o.......i.P.RV...'i.q,.I...j...s..1.x.A...A..RQ.j...n(
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.145556820542822
                Encrypted:false
                SSDEEP:6:CstizxsecsKaRi3PZ8zkO4sJakyHDttjL45YM6yJ0H:C0c9csKa0RROt70t25YM6yJ0H
                MD5:C1D54BA9DE9DD19CFCB8650310E4DEE8
                SHA1:AAF97C8083E6AC5654B96C764407B43920A0A297
                SHA-256:82EF32C6991DE883B3937D0A0E2501405EA78C60D1B5361912400550F00D0CCB
                SHA-512:907DDD61365577F0C3FB0B8244C5372525ADBF6E479C914BB6E9612D2BD3487CCC2E4197A80F6906605FE85C564F71AA3036D9DA85A9602BE6BE0737EF268110
                Malicious:false
                Preview:..C=$..l.............BG.vn,..&.,...EH.o...Pa...GG(.\.[..Zg8..q[U.V...GZq.7d0.~.Fb..]....2..K..W.x..S..YqS..gb.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):524885
                Entropy (8bit):7.999613549291336
                Encrypted:true
                SSDEEP:12288:IJeG8I0MzdlDHWMV1Pi2cFo4nkU50iJkS9n14XHzFqZguI4+qK:IJebIfTWMri2cbnkU50ol1mTwU
                MD5:B0ED984B94F7AAF33ECCC963EB993D15
                SHA1:47888F72FFC626026CAE8A45D6FA7BE5F0CD895F
                SHA-256:3A8E928021CB32484CF7A875BFE21BDF1C3DD363537BAB437B086BA60A617B13
                SHA-512:90C8C14F85A1CD8E616DB8D280A92EE0E5143F2CFA8478478E34D4ACDEA4245DA9128A23A24A2E078BC4A3A78AFA5C3AA326ADA504FE2743108F83AB1C023269
                Malicious:false
                Preview:...#.m[.l...{.q...v$.p. ...^h.$5..-..D.(...Q....[`iTg........i..P..|....&.s..DJ.....O"..A.~.S.$~.#N~.~6....f.u._r..G..C.:....f...9.....\.R57^......7P.....P=4.....e.Z.Rv..L.5iE..3C.5deV.j...O..P.`gqK..;_....I.$.....8.vW.X...L....J...[...}.......X.F...x.....;.~..i1.0{qV....I. 6~>@....N'.-s....i..f#.E.ps.\73.....IRG.|......e.%..Y..F...."5+.O.o._....X5.Jl.F,k.rW.1..."qd.._.(H1.:..=.sY..8..>..y.....H..N.|.....K"L....8.B........)....!....D....._..Qd....5N.gY....c..].m.X...!.z..3.n.Y-......^W.!1.F..Dc..Z.0}lOha.....RH.?..u.$5Z.Td..C. L..|.k...F.i.{.G.Q......A8,.......u.R.y.}..p.^.D..T._..I......./.)=x....[y.."..y_....m.1..3.}...P.c.G..,........n.._......;.......S.....s...?Jp.L.F....Y...I.=x..,x,...N$8+....=.Xg.Q..c..._....!=.9.. ;%`...,....?.A.YQ-.....dIS.&...2Rk.YN...y..b3F...{.S.`.Ehw..[.7O....W-,r]..}.C.&?..u...a56.7e.`..i....(m2...)....^~..qQ..,L.%..,........8...p|Z.ld?.o#.Hl..d......W..J....]..a..Z..;<.O)....3..<..B.......Uo......23.$..h;A
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):45286
                Entropy (8bit):7.996099290496845
                Encrypted:true
                SSDEEP:768:7FRPd3zBSH8Jua4mWtfOUV2q3ZRU833AC8ZcrU/qCyFqp08TBkfL6:7pS8JuaKf73ZN3T8ZGIuUTBZ
                MD5:A769DADC2729E0B8E1426CFB8017BEB3
                SHA1:6C0FE1CD89833DE13DD0553936B84218679E31A4
                SHA-256:74838F035234D15840790D9475E6A8370F3807B31973295F7D945FC7D4D7DDAB
                SHA-512:8DAD17E139F8B668A8D4B9D441F27EB055033E0DBD4F5D3CCE8CD7378E195AC553FE262A9243F99FC540AF69A15366AE737E2D191E6B894142A73E14666D6A88
                Malicious:false
                Preview:Jd:.g.....n)3f...D..@..G\.%3(.........E...4t...{.....V...`....:.{..r.....3. ....!.....[........T...#.I.....n/.>n..ZJ....l.z......f....(L........WS..7..2...n3."....qra..........`.lc*QGO..5j..=.Y.Q...._.'z.N...K..$..9L...JY$.D..<....%?.al]E.8@.y...Gw........Y.x....$.a.u..s.o4(....g...n..f.U.PXX.c.>....<.=.5g..F...............<......r!....!N_..8......$.]u....."..9.x~.d.j.....u...e.CUre..U...Q h.....O.x.N.N..vu..p)$%.V..... .....D!..]#".4w...v......p..Us....nQ.V.*o..G.cUfe`c.\:#.>...=.@.fHB...s..Tr.<|-O.....w...Yfw.. .'......xkI........".T....}.Y...B..%?..1.7...~.V?....EIO.......z....z.4.]...U..G=".q..6.1..|al..B.q....?...e..&>?....v.}q.].~.iD.:.d...f.9..\..^..v..~....._ XO.~.uSv.x.?[D...d..w.....!..._.,..(....P..]t..%M......eO..$....,....|.zuR....A1...w.}.h+..\...[3.>..`.t.OZ..Jr..Xi .Q.2.7a..2R*\...}....z....L....`>.f.1........`=.Z.g0)....@..8.Q.'P.F.V..k....V..A....7....o..v...3^E..+.#.5.,x..<Ya{.[<Re.%.g$.&.f>#.....K.B....ah..fi.
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):461
                Entropy (8bit):7.471423579533857
                Encrypted:false
                SSDEEP:12:+4Ii4QVSt0D0DxyDwu6cwoGvrbat70t25YM6yJ0H:+44QVSt60An8nWU2uD
                MD5:4AD788749CFFC698EF64CF1AC826EF7B
                SHA1:72F4DDEFE7E7F8FB89773984BC63074D72FDCB82
                SHA-256:194A173BC66B240B593F3F2D8806599AC481EE3EB1AEB8DFE9A84DCF61404179
                SHA-512:C5BEDBE3CEB7418ECF9F03045406864A607B1471B49ADC288F729B2ED83FC17C65CA19DDDE527EFDC121550C18CDCE4312E21B7486C8E40E69C890EE86407BA1
                Malicious:false
                Preview:.K]jI..u8.u..?.*s......{.......... .@\.u......].y...q."..{d..}.{b..p'......7:...$.r..r.....~.}.-....S...G.......... y.G...=.i[....R..]\&O.._.^....W.D.;..G0.&B........`g.S6...y....'...M^.JC....O....a......."..i...#d....CP.0..q..Ma.....9....^n..k...hAa.(%.\..9..bm|b....T...........n.'.EK.bl0...Z......p.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):475
                Entropy (8bit):7.556539927603792
                Encrypted:false
                SSDEEP:12:9K/NbzOGiPwsqFUwTxGoG7vRhK8sKu4t70t25YM6yJ0H:Q5zO74sqzxG9TIKNU2uD
                MD5:E038956399A1D9BE54AE3E48538B6BC3
                SHA1:DD1131F0A407C2DB223892DF0B87EB09DBB8D5A0
                SHA-256:52A1A8D86D5C66351802081FF7E6C5A9A03932E58FA0264402A032106E09DC03
                SHA-512:5A9136BA33458FB3172FD1F7C369DAEF846CA77F3DE7D5B2730886633E356D7E15AA96E57604B16A00EB5FEE9C35D82BAC78213F8B415938E3299680687F6057
                Malicious:false
                Preview:r7.|O/:!..aBqO....r....+.F......b......w.Yd.+...A...V..;.V.CbN.*<.4raRX.W.-.C...W..+.Z...D;x..m&.C..@..R.._.R..E..o...L.^.M.....V.E. .a..i....G.t.J.Xc.s:W(..4#..|.^.W......c..pA.y.q..o].c.O....V..BR]n..j$...k1p..}.H....r.....df?6)8..!a.r...AQa.....9....^m..k.......<., j.R.b..x2LN...[.o....3)."..F.....i....c.A.h..z...r.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):439
                Entropy (8bit):7.4898523939168244
                Encrypted:false
                SSDEEP:12:ih1ekqOH02bsmG0h4hC2u38t70t25YM6yJ0H:2YkqOLaPU2uD
                MD5:C7EE56AEB31E48069BF2E9090DB5EBD8
                SHA1:A0F5D8B8380EF4F93A5889F3D8EEC66433BE7DCF
                SHA-256:E298E51F3BE87E78C5076A26061E6729C78922EBA0780AB9B86105BEC46B3BEB
                SHA-512:18EF2AB54CC312B4942A3EB73EF790691C9BE4980763EA300759C4696162873B0ECCCBD15ED9B0026A118555902E18A1A9F401876C15EF12C3135E3A3C15BD33
                Malicious:false
                Preview:z]~..j....=.|.xcf../.....d.u*.O..I$?H{.m.8T..FB...Ru..`...U...\.;t..Et.a&.8.{..nxP..kJ.;e..l..a.w.PR....q.y..).......).<E.....{$.fG..jB.@..k.%Z.\.NPC.......Gr~..|.0!.<..4........w.*c.........Q.=8@8!}..sj...8.S~...E.9....^m..k..[.2...1.%YK..s~.\...'.%`.P..k4..'......O.!_.pT6!..}..;(4..q.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.570317204161452
                Encrypted:false
                SSDEEP:12:G9JZfC4M4G25uinERUoZyHypebv4cJYt70t25YM6yJ0H:UPtG24owvZyHysbDJ4U2uD
                MD5:EE8CFE66DF9C65F139BA3659CF72295E
                SHA1:D8939732136497D457BABD98DC19CFA0CCBD6499
                SHA-256:6F4A237768B85292B99A1804F2C8389D177E379CE8FE64C714E47EB97EA6B922
                SHA-512:7702A5E0B1AB2349D1D874619A23670CE759E9153954EFCD2534BDC272ED207EE02DC58A5DC57FC610CC62559BAFCA565AF918FFC2400A730EE92490C073338A
                Malicious:false
                Preview:.dj.6.a....=..'.^a._...c./....X{.?Gt0v.%..5`...YXh..=.k..C....h..e.......|.nd.Hg...;.R(Gk..v./s.T2..W:.C..e....Ho.I.35|}...H..Ed lM'J....S..%....+....M....d...A..\...v.nx.*4...{$.....i...8S8p.9.........v..m...*a-~3..K}......c.?...k....]m..h..r-f....<.......3.>rd.|.+5N....U7.{9....,i..P.....w.Ws...B.......s.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):464
                Entropy (8bit):7.591242318551294
                Encrypted:false
                SSDEEP:12:uosb6yCNiItX3SlvHyW2aZA/LyOwvFZt70t25YM6yJ0H:7sWyCkIt34vSmZAzyOwt7U2uD
                MD5:2C1A9CFCFB893ECFC0CBE634A5F905E0
                SHA1:BB624B36378C5904EFC3C49BF88318C1ED8B935B
                SHA-256:037D83E7453882D657ADF02A2F0127C3F060F8AC796DF1776FD75B210189AB79
                SHA-512:A5F1A5D0F3C7ABAC756921C771D16DBFFCF05FD07A57F64D3B2CCFA201C6B262D9738B1F9FB8E3D8253E910540349ABDBA17C699BACCAABF26908FCF4975A843
                Malicious:false
                Preview:@Z.N....A...%f......g..J.2.z..Vr:.IA.(}a.z.w.".x.....*...T.......U..g.9.[!:..2g.1..^f..A..u.1./.F.T..m;....dr..x2.....&]{.b0..s~.n...>...m._..=....dT.n....|..'.U4^Jm....~..`..<... #.."..9^{yqx1+.*.........yS.......;.m....7.|~..HRGc.....S~...E.9....^m..k.q....C...,.p....UP.........1.v...?.>.rC....F_......u.:......q.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):456
                Entropy (8bit):7.540284642445989
                Encrypted:false
                SSDEEP:12:SQZE+KsMtKwFOUG04b8IHct70t25YM6yJ0H:VCsMtKJb8I8U2uD
                MD5:0545924401C10B68DFE58C8CEB7D5223
                SHA1:087D21807D497778DC2CB697B22A8059EE43263C
                SHA-256:892E3EA05BF345A1C76A0B87765CC7EF9A929E4BF0DF9D1CAB8BEB263A93D523
                SHA-512:9FD0F7D39633D645D65902F6A81AF59189D3D79CC8A5A9E2CC24B2805ECBAD15FB57A962D9A2662617EA9EB2D0A95EF57ACED436AA7F412C0E67487E9B561F12
                Malicious:false
                Preview:$.('"M..y:..w._].(..x...s.2SQQ:.A....N.....o..N..K.@....N$.........VI..o.ed.#.~...8.....a..L..x..v1(......4..x....Bpp..;...R.g.|.....K.s...%l....ZX..p7..S..D.7~/.gw....Zt._.k.%...,. ...kp....v...E...4......p..R...+39...|E.....Qa.....9....^m..k..D.gJ.f..bM.d....V.R_.s.:...{..o(....9....C.Y......j.=..n..-....r.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):455
                Entropy (8bit):7.501516693743488
                Encrypted:false
                SSDEEP:12:QuaFE/FdQMXoQ4mu6IttoGh1HRWrt70t25YM6yJ0H:P7/FS3m9mz1HRcU2uD
                MD5:8DA5BF95A8339818A441EBFE1DCA5DDE
                SHA1:4AC4E942C7E3D65020C7E91BE0A9C334FAD92ACB
                SHA-256:0FDDC21388F7A1F4CE7502DE69ECCCBCC7F6B208DF0A5780171A7AE4145D65E2
                SHA-512:A0C72B6B7E29552A2B378D56753F298AF2EA3AB4700A24B137D0FF6A6CED80CF9E0E2AE617FE6BA9471979FF04E543AF480B558BB16381C48D620E6074B80D22
                Malicious:false
                Preview:...:w)..c..?a..v'..+..m.-u..........ZHP.....L.\.b+gF....<w8k{@.n..c.lR&..w.l...Ao?C....s..KQ.mmu......H.L.&.@.....k+....5.}tv.. ..jM+.r..dJea..3s?..]7..bY.vD......I(..N......>.../aL..O.3..|.W.G.M.'K.........).@d....7l..l......S3.....:....^m.....t.?.t.... _b......S........uM..x..Wu....G.../..$-.NGi.I...m.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):431
                Entropy (8bit):7.57690476904807
                Encrypted:false
                SSDEEP:12:4OulMLvk9hbF4GOtZPJKzlcJli8X20qpt2uYa1t70t25YM6yJ0H:RLvk9hRMDEyub0qj/3U2uD
                MD5:787FEAC50B5E27B6670F560A8AC519EB
                SHA1:68534B3E7C9EAA331600907BA1E7BD08B0CA8379
                SHA-256:CB429B6899446B7EF62DA225D345F55827BE617AD2909B69A65D863A4FBF5FF4
                SHA-512:40902FB98CCA69AF9D38447637DD09BEFCFFFE40A9F5CFD1FB85E55255DCD5A0F985F67ECB3D83795A53B625C38FC63D5C9FFC2348BD46A3A068A15B763F507C
                Malicious:false
                Preview:5%./..>...._.?....&/.U...gL...|J....s.......>c].Hg.]@..L.....^...bbsEK..GO..C..A.P...Y#X...^f.m...aWj.> ..x.t`.0......+.R..$.2o..%...,...g.G$.@..!6....k.a..u..1...A$:........."....l0........L8.......nc7....9....^n..k..r..d.i.....{..;H........w..G...1..`...A....-7=..P..ib-.#..ba...Tt.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):456
                Entropy (8bit):7.5767170504549535
                Encrypted:false
                SSDEEP:12:gBXqwIx1KDKsaxxNjF7AnPouV+ufUhOt70t25YM6yJ0H:+qwIAxEmPbRch6U2uD
                MD5:B7316C6B8AF40EBAB1F3CAEDE1703533
                SHA1:FA399386A9B974C040201FB237C9FBA8DCBC5685
                SHA-256:D2F0AC6C9323164DE1ADC82A029EE43B98D70A81040D292BCA77A00F1B3DF1EF
                SHA-512:D671BB22CAD578456870CE2C892BBE92BE90E07D8A25908F2173E079C2CCE8FE0DA24D87EE88049DE1B25B8D605FFA11BD94CEB7EEA5E50516CF866014B69FCA
                Malicious:false
                Preview:..q..A3...w.5}..v.L6...>.. ..{...#.q7..q."?e..Mw..[.p.m...;O...Y..h...5.l.....V.P.......)>1.u>.........._.l.7.b..A.y@M.B.Y...[.,\.A*........[.T.d............Rv.:n_.<V....|D.3.D."D.....8R...Dt.c..j'......p...n...*f!*...@,._.r..Sa.....9....^m..k...w.....&N.j...#].{.l...f./.v...,...U..L..7.$n.0-B..#.\Q...<....r.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):440
                Entropy (8bit):7.499727271480509
                Encrypted:false
                SSDEEP:12:AWisFsN5njRRkexwsw3l2gA7Z0gQw83Ot70t25YM6yJ0H:EsazknsGKgwbU2uD
                MD5:E6A04FFD3AAFF748FEEF88CD0E9165B9
                SHA1:DFF87FBF5A2A4F11FD17C90058488A3391CF6720
                SHA-256:0B35D19CB133CD827131DA59369639D36BC27C1498843BE729D13ABFEFB2DBA5
                SHA-512:3DC7519A566EEE62898F49C95330AFEEF06FFD8364F569F5C974A42A647FE19EFABAB34D12268789553FAAFFC8F86811AE9F5058C7D1153BBB6AF326CF8AED1F
                Malicious:false
                Preview:.1#&t.wp..0UX.(6..$...V....5~..dN......M.1..3.f../.F.....:.F_3......mU...3w...#.........D...+.j..c.&.E.X.(..9..9..A.....^....L.=..ZJ......R,;..@ ...~7sbo..y......m,a........%...........2xq..$Qd5.@.X.....i........a.....9....^m..k...+...f..Q....ns.K..m..X.*....l..X....R..Q,++..w.K.u."....02...r.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):469
                Entropy (8bit):7.584376778254399
                Encrypted:false
                SSDEEP:12:0/kR0Z8mju1Bj+UG4LuBdU5PXDLuOt70t25YM6yJ0H:0/nZ8mja+OL9u6U2uD
                MD5:9363F89B0E7A9BAD9F80DF2ADC95F1B9
                SHA1:E971406013B0759140EC75D1C6A907BD41F43254
                SHA-256:B2F4C4D83CBB8D0C2A38845DE6A3E41F39F5C20139BC04D76F308A04105E411A
                SHA-512:684E1C500BA5063844B5E5C6C11E5E2F491DBA4EF554EF13B02A8E0604475CD6330C55FB18306DE1ED17B215C2C3561AB13BFC836295DC965391732FD0D23A9F
                Malicious:false
                Preview:y`.a.......7..$..B^#..^...Y...-.\.%.N.i..,..>.....4L..p....#..w...:....s.!..L`..4ZU.Q.W8U$.EL..3.D.......Yv...6M..P....#.....!...6U.f..(.@...VPe....%....._..f.=#.&i.;...u.$c..y~....,C*.c...p..GJfP.L..!.......r..]y`1z.....+..+h^..*..c..4.9.....^m..k..r.....;K...>.v.m...LX"k+..Z8.<.L..u..........N.......%..I.u.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.513786103964353
                Encrypted:false
                SSDEEP:12:wtbimEcyFOqi6bOtk3HtGbRf7+t70t25YM6yJ0H:Abibh0t6bLXtGb5+U2uD
                MD5:B91AF1B8A30856E0CFB29AA92D66E981
                SHA1:DD62276751DA5390AD6C4DCF3570AE76E4B9ED1A
                SHA-256:5FDB07D95C55EA63C8AB0ADF5B95D110861D7097EB0D748329F72939ACF9F6D8
                SHA-512:85243F613189DC996FFCD95416B2405B814CFEAF93302711F87692F469C6F4D7DA7929CE7BA2972F095D0ED7A666191F87375066853D74AEADF495C5C2F403E4
                Malicious:false
                Preview:.yo....o..I...G.Wh...t...%.pZ*.V.@.<..v..~[.V.V.}/..Q....Scu/.....1...Z.....!B...w3o.....a.....N7$......<..8ii...~.}y.y2...aK.....;-w.......b..8.I.. i=.+......v....}...B.7}....S?..5..|.~~...i..u.......&...U....._....*Jf.....?c.?...k....]m..h..r..........rSx.........6.G,...#.....B..ST...Aq.O.3n.K.>...H.5.s.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):432
                Entropy (8bit):7.468571423698685
                Encrypted:false
                SSDEEP:12:ke0M+OWHFkWy397jB8EvKbQ5PtS6XAt70t25YM6yJ0H:z6O+1U5jB8HbQJt2U2uD
                MD5:6EED0BC075823FB2E9F3219E75A022DB
                SHA1:901B38AC2E2859237800009F97CFDA98DAC34AD2
                SHA-256:5AC623790D2AE27AF6F5212515220957357B8FC0144F9D0C20FAD9F20117FC28
                SHA-512:5BD71CF1EE5F4B81D1CB50FC42ECB64D895ED30E83F1DDD55E84E47624D7115B8EC40AA296F1C1D547145A50B295DEEE8113996C41C075F17B4610D3388D9423
                Malicious:false
                Preview:.3..EF.b..f);m..`\..M..^>.....}.z...6........bA%.H`..,..G...b.[fK.fu...T.....<....`Q...h.0*.%.p..e....O.VYXu./M...v.orui.r..@......~`.=.MOR`................./.Z...Pe..4.~.....A.........$.d4.bd. ..)'....*..Q..?...k....]m..h..r......9+...`.Lvm..U..c.m.....=..!..&7)7...h..h....>...u<%Q!BMos.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):420
                Entropy (8bit):7.529841434477421
                Encrypted:false
                SSDEEP:12:pUG/N/OxvGAKWAg8sP/rut70t25YM6yJ0H:WE2xODWAgjaU2uD
                MD5:48E9552BC0BCC6527FD2402088E8CD0A
                SHA1:FA8DB204E121E420155B5844FC137B1632BB32A0
                SHA-256:4EB4EF9813628437504AB263661C59C524DC85125FBAFBEC72599734DD6B88B4
                SHA-512:F6C521CDCC2D0641E614DDD1FB2D62552F2B82057B0B0EF8E80F001DD520D743C3E42F212C44C6767BEEE40CDDBD54C5633134BDCB1D709224008A36BCDF7E65
                Malicious:false
                Preview:w..pP..Y3A.U.>...>.-.J....5..l........q%..63.....F...hy.+e.9".3..E.%...:".jK.....ky.L..z....Jk.%.3........*..h......%........{..s.]0.}.X..............1.k.f..8B.L.z...V.........q.;_mlf..P8.`...e........a.....9....^...9...7W~..<.Y+*.....V.0.....k.<..]..y.C...v..r 6..)j.4-W..l.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.562756920538201
                Encrypted:false
                SSDEEP:12:weZ7hmLcKn/9zuiWlOF5jT02/vUdOt70t25YM6yJ0H:r7hmLcG/9zuiWlOz3ZvbU2uD
                MD5:449568E41D9C4F2F401F358091768465
                SHA1:7B62AFD986D3C7256216FD20BF66C785B227497A
                SHA-256:6CB966749C5FD8FCAC7304ECD0F69E2D875D4D5DCE4CF6D7F47F93C4791050E1
                SHA-512:50552EF1FBD956887C342B4016426F93CFA376BA88C338D941EC3282F3C083D10338627EC44D07E20E9246E6AF61126D07EEB10EE1969B4DE953BB1B9397D1E8
                Malicious:false
                Preview:...cd......f...._.OZ.......w...j+..<.s....#....i.r.K..W.....f....?1.[x.$.x.....d.2..8.J.cX....M`.....{i...j...i.Z.Q\{.K}.Z....i..t.5.....x.^...k7.......N.a.R'g.7p....8)?.&y....yT..=..f..v.5.C..=...1.........%.......+..~...q...d....a.....9....^m..k.....x.?O..c.$...t......v...}q'F..r....0f....pb.....+..:ry.ty,=Y.r.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):458
                Entropy (8bit):7.53183909929409
                Encrypted:false
                SSDEEP:12:s1SBbA7l6YwAaxwmVJEs/SSg1b7RgJMIt70t25YM6yJ0H:sVwBpJEsqT1b7RwpU2uD
                MD5:1EC9C93EABD92F3F7BC196F2A0E61269
                SHA1:5BB48F4465CDE32423C62508722F49C7A5E88A90
                SHA-256:B0FC5E058CAF072EEABC826F8AFA5E55604465CD334C6B8E12E4E38FD5210202
                SHA-512:D3E1ABE0C15EEBEB78B4C1AC28AC856A1400D86ABE6F0DC7B331B90C8947901DFF44053F3CF7BCFA76D27E1A41AF60C338BA482598927BAB8F5F8EAB6C2C57ED
                Malicious:false
                Preview:.6...:...?.......Otls.@ZH.)..O..2...=...o..(....|`.Ojs@j...5...!..{N......"..]...$].P.&{.MbL...Y.....Jn7.m..+.j.J.[......!....v..........{...'....V...hJcP........W........zN\Kg27.x...m.Sy.'..2....[UG......s...W...D.Y..+..,yw..S.Qa.?...k....]m..h..rN...h..U..C...3..Sr*.......t.3..j.......n...X2....[..B.1e..s.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):457
                Entropy (8bit):7.604523087277884
                Encrypted:false
                SSDEEP:12:n5E4IHzf1aK8wooNfaNESAP9MG2f0q8gt70t25YM6yJ0H:n55ITNaK8sNfUoSbT8gU2uD
                MD5:B87703E3B81D29852F1CC2625C3E0B11
                SHA1:C7F132953A662DC0B6BACFB6538044C08C055340
                SHA-256:50CCA3EC6DB67D426F795D45047B806D8C2D4C9D5A4B53EC1A31BB9A945436CD
                SHA-512:B5B21C03DA9705568D26213145DD097F813F9E417E0378D095F3F3A982F64D56981A2CF612A675A5A2BAD7B29432DAB0036A9D319F7C871CDE60D20DA4BF78FE
                Malicious:false
                Preview:#FM_.{.D.4.89..-t.......s.......5.L.BX<|.T(Z.......%..y..=...O.$.F....}.0.#......1..he.....p.......-.-R^N..].<.|..+6.x~u,.?.Q| ....~#.c.,mH.8.....!...T*.t..n.q.E.}.B$....7.A..'\>k...F..b!..v.MF....N.......#Tq=..8. ...)~._.<...S~...E.9....^m..k...l..`pG...$...U.....-..V......Qk......./...l.e.WlR.+...M..q.q.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):468
                Entropy (8bit):7.552439420645994
                Encrypted:false
                SSDEEP:12:66j2R6/FZBXZCJDwMEqbR2asBuSHqyt70t25YM6yJ0H:66WIC0tquU2uD
                MD5:E20F5409AD3C4E30185C981095241CC0
                SHA1:10EA57834BE018A0948D3C6C5C8627A2CD897D40
                SHA-256:A958BFF6B192602743794E0D923D4BF1DD6629D6F401116A8EB0EA015E5E2FF7
                SHA-512:CDECF5104B988904AF6063937FC1BE66F376A4E55CDBE5DEAFE480AFB631AC88795927B8F2A4FBAF9C5DE2EE8D88FE8531E2D9139E974EA992A1AF7660314DE0
                Malicious:false
                Preview:.>.M..q...p...[C.j9&.>.T.'...2.d..M...^.9E.y.v{...=.|z..J.......k.'.........._.H..l.....H....q..z.|....4.4.IQ. $.......E.)...nk.Lv..}.....g.K.2o.../.bB.Z.nA......l...X...a.{Z.L...-P......9..a.nZxWK.........H......E1...A..![...`..0....S~...E.9....^m..k.^Hn5...m....]...-.widK.$..r...c...$.v..1.;..>.q....r9.Q\|..q.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):469
                Entropy (8bit):7.550018887632785
                Encrypted:false
                SSDEEP:12:EldgXoIshmYIg0URGdUaFW705VtdGqUD4kNWZt70t25YM6yJ0H:EAXmhmlg0YwztbUE4+U2uD
                MD5:74F8DA06EA5C25EC1067FA3BDFE78BB5
                SHA1:7F8991E183013A6675FE0FDC5B8F51F46AFF8AC4
                SHA-256:FF37993D12498F0D03B45108A4F9CB2F4BA6F7F2B5ED4B0A8838D9870B30F3DF
                SHA-512:098BB99F453A97A0C9C920B328C23FBF239495B909719F2B22461265FF44C25E9C099853230D370633ED31F3AA48DBFDBF906A30D068FCB525DBA6494562E455
                Malicious:false
                Preview:i .......Nu.`.{.8.P...q..3.r.[L..........J ....s.......].......d.-Y..4e..Fl.k...l.....E. ...R+.C.|b.....C.........4VJM...rI......jK....*7.^c.u ...........o..}.5.~Qk......}.).gc......6<5..>hV'w....%G7/4...[.w.......r..Q...36.z.8.Yq.z...Sa.....9....^m..k....Q.|.S}.nU._.g*...\[...4.cPK+..N.fb......Z!.........Hp..Gr.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):438
                Entropy (8bit):7.586639800479944
                Encrypted:false
                SSDEEP:6:CaeMoZuJ+B5k1GF2lmF2BapM0l7nlB+HzqEgZ4sJakyHDttjL45YM6yJ0H:TeMsuJmkdBapM6L0rgZt70t25YM6yJ0H
                MD5:1C5C9F827F94539414A44F56D5BCFA4D
                SHA1:5860689A0C3867BAB9A319302E83AE924A56972B
                SHA-256:F7D21F374433F8D70AB451977B6022CE09647F4BAA0596FD8E6109B0962DDA52
                SHA-512:060F939E009B4BD013A16F7BA2A7DE768BCC1DB5D319F1B531AF15CCE868E669C444F55C3BB5705D202B90996779E6FE59173F79F6F0410DD33ED40259D6DEF9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):466
                Entropy (8bit):7.532443541810611
                Encrypted:false
                SSDEEP:12:zJ/wv1Hg3lxhzg+SaIo46cwAQbLWQ5t70t25YM6yJ0H:eKHh0+SaI3Q/WuU2uD
                MD5:8FBBD66D2A1A621ABF5FB7536F2E20F5
                SHA1:D24454F2AD7FC24FB2C66104F7A518F78FDADF00
                SHA-256:E93C952EB09B568754CD07B7AAFBF63A559797DAA47395521C1C92814670BDC1
                SHA-512:161DAC3EEEE019FEB939D79FF6981CB3703BFCFEFEEBDC2B3EFF119366C9655D8B58FE11D40DAFA43FD7537C0856ED60E12E3D6056E03CC80083F5D836716D8D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):478
                Entropy (8bit):7.517855230662438
                Encrypted:false
                SSDEEP:12:lSaAvnYJjlytSmsLFTFjj0/V0MVYjRVdt70t25YM6yJ0H:lSahJJgSRFTFwuGoRhU2uD
                MD5:F2E77E728C8460452B410D119D477D47
                SHA1:B78230775BFA77101158478738A646F747F973E9
                SHA-256:1BAC1E0CC27BFC7FC30385EB10B82B6D32C06F8C27BA94E7DA2E39DD79FE33F6
                SHA-512:544D045FC985A8AA2F55D943CB61836487920D6DB269D30F792DD091EB7844223A26E7BB421A361CB4E4D1E9FBDFF3499FC64646A40E32B229C0DFF7E04A5CC7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):462
                Entropy (8bit):7.523494470002769
                Encrypted:false
                SSDEEP:12:ODFDIgnQbu4M8i1xKjGpVgn+Q1it70t25YM6yJ0H:eQbuBXxPVgnr+U2uD
                MD5:E52F3C0D4C040C2966EE260BAFD004A8
                SHA1:4616F3EE1D4B67E6CAF6D726C8311F4D5813820F
                SHA-256:25CC55252563B917C94865E5581A76F747346DF119876B8E7E6E0A48974FDDF1
                SHA-512:373EB073AD96E330C602653FC75C3B900E0580EEB558D3680AD598833ECC0AA6F54D7053CD2E861A3F79E6B90C00B69BFB2AF98FAAFD7FDF3E19E207A53ABD96
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.527392993431352
                Encrypted:false
                SSDEEP:12:QokPOyvVtFho8ljWT1yvw0fHnZ4iqzdit70t25YM6yJ0H:QZ7vVtFiTwVfjg+U2uD
                MD5:2E80DBCCB15D79E5067BA4557A56EAED
                SHA1:1C71F0BE07C68A03DC1676F84EDB7E262A197219
                SHA-256:D150B7AEC1D30F4B8A668EEFFAA8AE7369DFCE0D4FF428F6E5E6580C955B13E3
                SHA-512:6C91AB2EA988EA914DE0B5C534511A3E89D1832671263D3E6C13C30979785AD0BCFDFB91D422FDC225B5A1DD7AAECDAB5A2F9AA4F02E0C3249B00E604089E641
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.524833347846771
                Encrypted:false
                SSDEEP:12:t5z2WQRva/oyqhu+rag7keIFF9RA1bZt70t25YM6yJ0H:t5rA/FbIeILAb7U2uD
                MD5:BE3A5EA69F6CFAAC65A4DCDC9A8FD821
                SHA1:731FD17288DF49185D4DCFB1E295B8C78364749A
                SHA-256:6B14DCA6A3468FB80104755145421F7D2BFB253F98A9D0B360AACD37D0CA28FA
                SHA-512:58CF0C3F9F76B2E0F3CA787104674BB0C75C207689312911E8B824FDD1E485DDA42388C53A30B36D1148FD9342EAD88B13940612134CE57F2BD6A58955A9C8A1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):442
                Entropy (8bit):7.48806744319487
                Encrypted:false
                SSDEEP:12:QUHhEEYByMI75rVocwKkxwczAeat70t25YM6yJ0H:DHYByMarm0eWU2uD
                MD5:974A085291A6662746B95FA9AE980B75
                SHA1:33AAF3663AB2A4A2626509A99EF52D37808ED639
                SHA-256:B908107E9D45D01F600EBAB881D0345A6FE3DFAEE914E2F14F40CBDB338CC818
                SHA-512:51B501011CC78ED6E886D8F71641FA6F486E54A6C1E22EEB55CB32C66472198FB30BE7A9C87BC8DEA26D08D112CB99C47C8E6EF3098E3BCFF67CBDB54BC61E56
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):462
                Entropy (8bit):7.571999407228745
                Encrypted:false
                SSDEEP:12:Ndj8sTgFWeRr3wl9rYUjp2R1WmZmnt70t25YM6yJ0H:NZ8sTg0eRwsUS15mtU2uD
                MD5:9F8EE67475DF7B274B63AB1317CC7929
                SHA1:587D70CFF0E66ED242B58FAB76D9A8628AED09F8
                SHA-256:20C4F9F906BFB7126E3437F5BF37112EAD56108C415AF7D48B6B45FB0CBA756D
                SHA-512:72CACA42010A6FD8F862F84767A7627EE4368B2828270EF0511A42970AD321D1DE7763ECF3C13F85CE7A88C65CBCFBBDD8512DA434A95AA76E99A36612188F95
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.5762436532636075
                Encrypted:false
                SSDEEP:12:9aU6hR/lZFxi1P9pzm2NTUkuF2it70t25YM6yJ0H:cU6FZPi1P9lJTUkc2+U2uD
                MD5:19DAD6674B0575513DDC67C7345DB1A0
                SHA1:65286028936352EAA332A4B811AC7FD8C80067C3
                SHA-256:167CE3515E283D32A09EBFAE5E65AF51C7D14B39F60A11045BF8E70691493CFF
                SHA-512:ABA3EA978BC211ABF65CBA9A6B8BD5092BA07C3B850EE65B18391233ABB9DFEB939A79747FFB25F7C6172D3C114DBAC513CFD8BB41559ED844F5D086EB84393E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):476
                Entropy (8bit):7.516649022023138
                Encrypted:false
                SSDEEP:12:l8TJwwoGN67QtYFKuBdU7Ht70t25YM6yJ0H:K9foU8rsU2uD
                MD5:BCD733C0718F948AB4AE960506A79D9C
                SHA1:5A383B898B91BC2131C960EC5EE0273964CAFBAA
                SHA-256:9078728055C0DC56608A6363F79ABBF72BA7364A8760EBAD2AD48DD67B9FC85F
                SHA-512:BA249E388ACD29482E9A0B50960DF1BD1AD3C8F881515FE2406C9F915183C109EFC53008BE62323E5BD1FC5C2695AFEE7ABBEDA7F4942C92874C379BE28DC3C6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):462
                Entropy (8bit):7.587499968827726
                Encrypted:false
                SSDEEP:12:IaJ8QezwwcPcY6Cg8sigxMzcwdjCBJt70t25YM6yJ0H:ICQtcPc1CgRigxmsLU2uD
                MD5:B73ECC59836CD8666E9FD8E85BB55BCF
                SHA1:B69E508976D64F6B20841F0DD520AA60432B410D
                SHA-256:DAEEC410B729B4CA2CEF2815A3D52A30F88DFB3756917DDF29B107616195B653
                SHA-512:58F568B6FF98D0F8056FD6BB6609BB918A72359798BEE52CEA8CFE870D7A171CA29C4AEFFE5B021F403041615CBD61C1EC1715ED0A74A34D182DA3D040B6D00C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):481
                Entropy (8bit):7.595221906229139
                Encrypted:false
                SSDEEP:12:2gy7+RuWv2egFizQoD892HmTNUZt70t25YM6yJ0H:2gy7euO2eSCQOEZU7U2uD
                MD5:BA38C1440611F9F6075B5BDBAFB8F8AD
                SHA1:61273CF54B31EC3246013A496D06F3A547037EEE
                SHA-256:151115BD6C3040263EB60AC3D8C08B1C67469656C2199B4D771EE36688295BC9
                SHA-512:5470B4B12729B8824EE54BA78296A2644DA0C24D75AA61801E9950DC4C9D7674642532AEBD9D423D0F48B365B36DA389D315EFF7D82EAC1C0EF8264233FACDE8
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):457
                Entropy (8bit):7.529439024777702
                Encrypted:false
                SSDEEP:12:kF6xi4/Iyc6sYOhUXIjVpC0lZZ3p6KYt70t25YM6yJ0H:kb4pc6vXIjVgddU2uD
                MD5:6BBDCA9CD54EF7082078F3F6AE578773
                SHA1:160547624364EBDB4B1A0D4B572CB4C38A5AE358
                SHA-256:16482F08881CC63904087C779C75D841B1655DAF8561EDAD6878B907A51D27B0
                SHA-512:D166CC6472778F600F3AE2267FCAD23AAB0D355EBFDDC7C8AE6C8805193811F495B356D7AF41ADC5550144716DF13D5C43D5E99A06C045147F34DEA65A2EEAFF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):465
                Entropy (8bit):7.533750154663232
                Encrypted:false
                SSDEEP:12:hQ68KoUMelXtNLax+UyaJinfnYt70t25YM6yJ0H:l8ONHa+UBinwU2uD
                MD5:E97C69697C6C62211204AD634005FDAF
                SHA1:FF797C3830C34F61CBC2EDCAD09329B081D88BFD
                SHA-256:C0717F33EA56EDECAE8903567563A648FCF8BB68A366E6A8A6FF8754CB9F5B55
                SHA-512:D63168547B973EB22B39A0B39C89239E3F034F7E0BC1543D57A7F2D28A3F11AEB40ADFE25BD8FEBCBF1600C9D13D3E51A71E7BD7867B82E9D8AD5F547A899925
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):469
                Entropy (8bit):7.539435261199393
                Encrypted:false
                SSDEEP:12:63TVXrte4afq+ZDSj0fr2amQxP8SUt70t25YM6yJ0H:yXRSDSofr2amg3UU2uD
                MD5:99D7FEB58337BC210C0D917A256C7151
                SHA1:8D7CB9616732B6B8D15D7E8FA606371B5E6EE984
                SHA-256:48185FE5F106C34DBD88DBCDD34ACEFDFF4A79E840961C9C82553305CD386A8C
                SHA-512:78E30E53F9485E704FC1383EE84D4B6E3F2A2D48DE39E303E9EEB97DE2E5A43DBB37AB78BAD922DC1FCC8F6C79F727BD60A577CF3008AD23C1A0F59ABB7939AC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):467
                Entropy (8bit):7.606095102853296
                Encrypted:false
                SSDEEP:12:mPiS6jpYLeAVOiA15zW2HiaqR7fYt70t25YM6yJ0H:2xCCLfVOiA1tTJdU2uD
                MD5:FBA44DB19621B1C93CD8BBDBA889F80D
                SHA1:CB8051116F07ACE522E27ED8025058527D165903
                SHA-256:6AF9E41FC4C8CFC42D19C1E091BF2C24F025871EB3A4BFCD0EABCB5B31802BE7
                SHA-512:C5F61DC593BF4FEF2833D64BF70CC0948A1A0267E1C349AF5DD660DC04F57FD9E5057E92DBACFD4C5D5A210E6453B5B6FF7159ACCBAE84314507E65E60D8DA61
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):477
                Entropy (8bit):7.584031673127961
                Encrypted:false
                SSDEEP:12:MB4b96UuhIwfBnghInm+pevgbz/2MXN2t70t25YM6yJ0H:YVJhihI/qU2uD
                MD5:9219B983544C419BDC5C1F5D561E00E2
                SHA1:8E0597DD79202E4FD504FBBD3BB7D0359095E871
                SHA-256:0CAB75989B8F99AAFE6B9EBC8CD5C85DE489F44945D385FBDB854F867B2C1345
                SHA-512:8B9CB06A572F7424CF8DCAC883BB99AA4CBF6D5665696F0C6AF5D4CF54E62EBC777B0399306FF72362586638ED960562FDDBC96A7511889D37DE741EF23BA2CE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):462
                Entropy (8bit):7.535607829323316
                Encrypted:false
                SSDEEP:12:91CrsabRoH0oi/WJybt+qq3t70t25YM6yJ0H:fWbSUoeWJSVqdU2uD
                MD5:426E33297DA7EF533EBCBF8A8D4BC89D
                SHA1:BDAF278F633C1721B4766AFE0058CFFA80AFEEA0
                SHA-256:C4CD49174211338AB5D975AD74A7B0B7BF8EEF3557947CD2DEDDD26EA73ED586
                SHA-512:8C2046EF4261B41758FA69612D010D868C32A5AF6EFC41AC15E58849EEE63F08936BE7C90AFE6814EF81EED2DDDFBE2CFD6661F9B21B3455262371C57E6093AF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):468
                Entropy (8bit):7.613405379995644
                Encrypted:false
                SSDEEP:12:RngeYtjdnmjIrtf6Hsnz/Hx6b/2+hVGoZz/YQit70t25YM6yJ0H:sjdnmsrfz/HcbdGoZIU2uD
                MD5:E4DBCBFFF454865A2EAA5A2FD1054ECB
                SHA1:D978C584D85BC7F0A9DBC8F4BB94BEF95EF93E77
                SHA-256:E3B5EF5BF6B482384EF5312126A36EE7A7F5ADFB67D7FFF8AC07FAC7B424C4A6
                SHA-512:B5CF0D3FFB80C4804747CF9BD0475C514C4065313C5D8B517AB33FC673BAA55AAEF6C92649C5772A98D3012B37250E920902F24E536C946DD96A6DA7017773D8
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):468
                Entropy (8bit):7.550350305200079
                Encrypted:false
                SSDEEP:12:jQUROOAVGUWzVJAPxAFGt2+VJ5S53t70t25YM6yJ0H:jQ67AVqzV6AFGVVJ50U2uD
                MD5:3109E0E72D1963D98B2FE445A020A7D5
                SHA1:B5C1EE05E39B680F0CB1E7D93F5DF29A954EFC5E
                SHA-256:D0E9CA7DE575699B2D52702E073E46C19DD4E2AE08155EEE17DB66F3850D8077
                SHA-512:979F54095EF05CCFDA712C5203F64C8BB6C788CBDBBE49BF2DD3D5643A55BDE2F5B1028E8C333FCF46662FDADA1C950FAB9BAA546E8C83CC27065AF9851497BF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Secret Key
                Category:dropped
                Size (bytes):464
                Entropy (8bit):7.599732048178875
                Encrypted:false
                SSDEEP:12:F7TfGTaOylD7eMxXhtfGbtSB56QXt70t25YM6yJ0H:FffGRnMNhxGbtQ57U2uD
                MD5:AF7252F24E378F6751C8C8651C896366
                SHA1:FCE20E66736238ACBDFCE82E69685CEB3DA0D478
                SHA-256:B32F9413B5A8ABE45E0B5C9A19C7F9DCF2D5F20CFC6A74B1F445A6078572E7AF
                SHA-512:F938818CC7627F5FD95C3C1EB7861A7618E4AAFBFA516F1845C6B612DD573E42683B430D45983FCFF4C1C632FA612CE59B190237AD2DD75045B942A127A957C9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):497
                Entropy (8bit):7.5775048477876945
                Encrypted:false
                SSDEEP:12:6mjM4JWnF0T+Nc2b5Aklit70t25YM6yJ0H:6iM4snF0T+pb57+U2uD
                MD5:CB26C4D3419253FEB33A06ABEF3B02BB
                SHA1:9072A0CC96DCD87EC6892E8BFDC53ED41FAEAA8E
                SHA-256:9F6DB481BAB441D00EA6D19F1518464AA62DDC267738E71A7B6C83AEAB76CF97
                SHA-512:359DE0B4D3073306891B3372794B40374407C43FF8061D0A36697BFDB313BCCD5C8A29805D9E6092FC51B3BF565C2B5189E32BCC66FF05F20D62AB1860758C0C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):469
                Entropy (8bit):7.526606414303687
                Encrypted:false
                SSDEEP:12:WZIhIB/deiZTC79LcT96kOWSPR9GEcBwNQBdmtTD+7zt70t25YM6yJ0H:WZNAsTqoccGNQrmJ6JU2uD
                MD5:AF0E15E691D7EC0C2A1216C9346DF5ED
                SHA1:833D60D55EF43CE36E0CAF901465307BA81992A7
                SHA-256:E350E7016E6E54FFE02690C1F54B25A5371AE517AB40541F4E55A554BB6515A7
                SHA-512:ACC583C1D8B02AEA1FF6DF19F03CC1B72328F6ECBCE5F52DCAFA3E55CC82CA12ED3BFBBF7556CA229B0BDBB0443178D1BA6625F6430B1511797648DE4F93AB99
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):445
                Entropy (8bit):7.515005054333335
                Encrypted:false
                SSDEEP:12:wzFlyZB5Fv79Su9Ckchj/2hnlP326Gt70t25YM6yJ0H:eFlybDAtthYlPG6yU2uD
                MD5:79BEDAF4983D66F60F465C7D4681E394
                SHA1:51ECB172FFDCC261FE2DDD4FE2753B817F131524
                SHA-256:055E74363C216A3C9C095EB678A273C0FE8256A567D431087EFEA068F01F5335
                SHA-512:2B4479DDF1FFD0066787E768E0CC9FC0CCF7E079E04EEF6D27BBFB82FB2097606AC261F742A1F93DD59E48B3754E720A5643CEB92492BAC8AF4F4716AE4595BD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.531265489264524
                Encrypted:false
                SSDEEP:12:xbSTuhB4UTvsrRnM9UTbv53KJ2t70t25YM6yJ0H:dSKheUT0ZM9UTbPU2uD
                MD5:F6753E948C4AA21BA8ACACE2F169DE49
                SHA1:B69598FE1F0FBDBE327508C2BA5229449DE0D4E1
                SHA-256:E22B97A769CE3EF98FA085F27D78A016FBAD92BDBC16B2D7FD72FAE8A1B232F9
                SHA-512:4AF6F3669A1191621C4AD95F194BAF62EDECA12E85BE447C35C3F3563F62EA41BCDC781035357FD5D62F1D20C98A0FAF678BEF2229FE632A71B6C2EDC1E2FFE9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1683
                Entropy (8bit):7.890737984066461
                Encrypted:false
                SSDEEP:24:c9Ss0F0r4Ixs+3MHk9Dg4rNRVXcNAZIFzlH9rdGV9ohrI8CU2uD:cV4tpklFragIFN1dTm8hL
                MD5:34F1612A485E529D4E1A90E9F30462D1
                SHA1:FB2D70ED83477C798DD8762D46351CF275F33065
                SHA-256:4B526046C110669CB68EB93E5B1C9A4010392B49B5261A73F14CC0073C4F8602
                SHA-512:811ED10C8E6D5F885DB183E4A7F0E1DA83E0CF9C647E72CC190CFE3875E0DE95A8EEFBC490A79A0EA0EE61989BA19BE6003EA4243DE3C4FFC018E8E5E0816961
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):253
                Entropy (8bit):7.181933137933825
                Encrypted:false
                SSDEEP:6:BrV0N1DzYCnhCmZNa24sJakyHDttjL45YM6yJ0H:HGJzYKhL3t70t25YM6yJ0H
                MD5:73D1E451737ECD1E9BBF5BA4D896657E
                SHA1:AED85B89BB18EDA7CBE4FDE0343C969FB58E861D
                SHA-256:B67B27484F3A9EDB66FBD163211B2A77762BE56CAF1A29B66F25CCFDD62F01E5
                SHA-512:221FB56382BD600CAC346479DC03C2A596C24BA19AA02545C24A18C0844F7381AD460206085BB0F45F9E606D17C8E94E9F8E8E8D8FE08DFC9DBEA63C9033EF20
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):479
                Entropy (8bit):7.574293687359043
                Encrypted:false
                SSDEEP:12:OJ2tj/6pYz9WYHaMA7/bYnusHhZLXd1S1t70t25YM6yJ0H:TuEWp/MusBJdw3U2uD
                MD5:627DF096956ADC4221B90AD964DE5F66
                SHA1:E0222D3260C78E17541540E4C5BE7866AAD03288
                SHA-256:7D95E7855E88E0E18507A709D9EAB4E41EE0BBA9BF10278A855A918B2001E4F5
                SHA-512:78AAFF7D34D09211751190879C50B86ED466099D421F46B880070B188C6E041F90BAD3C8443F09522B90C61BC228BB96E8BC8CCB20559C165D25A0D45B88C06B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):466
                Entropy (8bit):7.541172459254666
                Encrypted:false
                SSDEEP:12:tzz1nTstgAp6L4JBEHBMxbrZuH+Mmt70t25YM6yJ0H:Nz1YtgJ4MOxbrZXU2uD
                MD5:E01EEA8A39B97FD8EE3B37BE28FD5850
                SHA1:197365968D1629A3A583A55D35D730F5570C96B9
                SHA-256:28AF4F7C1578645A12BDEB69D62525CA416A41E0C4EBC58F32CF2A7A04B48CC6
                SHA-512:9D218D5A4BE834A3C9698F159F674ECABD232E6DC84944B2DE7768FF67085C7A3BBC27819A843EC24A30B80FF655104BBA03075CCF01B3B722EB384B5B5F18FF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.586481228903062
                Encrypted:false
                SSDEEP:12:sJUiF+w2T4vvC+ujJeQ8QatBFh0rTxL9lst70t25YM6yJ0H:sJUiF+v0nCVjJeQvaz/0rTxLAU2uD
                MD5:2F532F975251C3AB9F6468088E7E4AAB
                SHA1:74F24BEFFA7B7655A03EC7996B05BB5739E7F88D
                SHA-256:26A6833797BC3CA52F8FBCB681847E0F7545F6B989667EEEA4AB6EACBE9B89D6
                SHA-512:9913957D016EA23EE4486F223A294AD0C1B65DF2BB0DA72554BA0E7C01A3D7751D4D0848D606EEA4E33DB710A2536DC4897A52E3E65E3927E676A4EBFF28427B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:mumps avl global and 58 byte data cells
                Category:dropped
                Size (bytes):468
                Entropy (8bit):7.521353423881423
                Encrypted:false
                SSDEEP:12:cLo9c81vzXWTRIjqRnS8/2v7UqtRnlxxt70t25YM6yJ0H:cu7vzXWTRIjqRnQnlZU2uD
                MD5:A93389F8976B6824973BA20F32561074
                SHA1:3E1805AA2F7904574E31D071C9DF3F55E6E4ED21
                SHA-256:B17C5AA092A0EA6027EB62BE8BF23ACAB9768F07DAB5A80684ED7A629763A702
                SHA-512:7A2291578336E9F7AFA94D05D29D2BCB3B734DB54A08130C222F87D9FDD0AB8167B8829DB617387AE207732BEBAF5F21A7AD158954A9B00CED4EE78E9175BA7A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):469
                Entropy (8bit):7.572118094405918
                Encrypted:false
                SSDEEP:12:A9/S+K0YtChh2uGAiskaZLOX+Yt70t25YM6yJ0H:AlS+K0Y431daU2uD
                MD5:59765D84CD1426A9D43774C06A95D32E
                SHA1:9AD32DF9C2A19B5967D619BB67DBA3B0A6AA9CD4
                SHA-256:E8D099FCBA6D533B48F6E0042EA3CD61B3BB06F729EFD032C9B3215CB7B057E1
                SHA-512:141BD81D70B1942E14A67376FDFF153D6B951DC9653BFA131A05AA577B8282F7677B1A492954F8C4205038D816A13DF90EC5935EBAA442CCDCA6870A67AB0E5B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):480
                Entropy (8bit):7.564669609604493
                Encrypted:false
                SSDEEP:12:vP0lenyooZzaeTtZHnKttTOLoUs0AJfit70t25YM6yJ0H:ce9mmIFK/TOMU9AJGU2uD
                MD5:E62424BFCCBD055FBE3F1B8BB8A4827C
                SHA1:F30FD3FC2CB1E27F89AFF1AC1A2E050A71688DF2
                SHA-256:874DBF0D8F7245C4B75F93449442C0E7AC74CDDC6ED1A75E271584702D08FE6A
                SHA-512:EEDEA39B7B165591615DB10C88BAB16F6DC1D5B028A6D7C13334E0FF4155FA95C6B46B0039A35072BB6FBFE4CE3278330BB880C896EA248FA9DBBDDF24D12DEA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.563796874186325
                Encrypted:false
                SSDEEP:12:vK/mrVOQXb2d7XAlo2Itt70t25YM6yJ0H:v+NQQlvU2uD
                MD5:1D39FC26C598261C036A2E699B66911F
                SHA1:E85435FB73960C476CF0A8123BAC447599E4BEEE
                SHA-256:BBA2B20D2B0CD016D64E0D4DC10B104AE84BB9906AB96525C296C1E011807A59
                SHA-512:70B4D8E33715725120325A4D96267BF869450160E29BC4F5C36755D3FDB845582D0B8EE73700D268C7A0F8D4481A06AD8D7939F88E0CE063066CD0805B4965AF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):487
                Entropy (8bit):7.550413533289536
                Encrypted:false
                SSDEEP:12:p7FnGOv2POwJ6K25cs+Aj9k2X/hLdQVBYt70t25YM6yJ0H:ptGCSOY6K2+bAj3QVB4U2uD
                MD5:3B883248ACA8EA23BBBD517F2F6D20EF
                SHA1:08F15F0E0307F16094AB7A4D19558E2A0408B422
                SHA-256:5A266AFCE9CA7703C3EDCB4DFFFEB5534F2C03628F038CA7E94E400792321746
                SHA-512:0BB38C0B7A80138928F4C4999EC781D586BA16BCE6A30A8EFDA3BAA57474D67A49A91A90CB9DB502A5F4DC93F4AA5CD685E3CEFB52FA4488D7B5B7C6CAA0EDFA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):461
                Entropy (8bit):7.4912961597046355
                Encrypted:false
                SSDEEP:12:RcXFMj71M4d7tuXEV3r5Xb27Lk4UVoLit70t25YM6yJ0H:RQFMj71rFt/JzxU2uD
                MD5:E60D9B0C0DD533A10B1CEF15B149D4F3
                SHA1:98B63142C31B5D873F43959352BE93296C8E24E9
                SHA-256:7E0D94432AF40E31FC02F9A780BBED4B67E83B3FE43DFD346F275E4CA747DA4A
                SHA-512:107A47C0D0C890407B169400E7275F1F5AEB2BB03A2D549407F29EC669164AE518A2BC506B6424A759AC8705533E69280A12AB2305B7B598D9C58B5DDFB3679A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):465
                Entropy (8bit):7.576400604127661
                Encrypted:false
                SSDEEP:12:Z/I4l29nrCtxRFaDOM/Dcjnu00dIoTBt70t25YM6yJ0H:Z/I4l29Qx6zLknIdIoTDU2uD
                MD5:468807AC095AC049BBA6419D0FDB865C
                SHA1:93C781E7AE7F79D16610B598976C362E511EC4A9
                SHA-256:A3F647545A3139D6BFF054B6B30E12B7C80118855216A9069930667FC1B2F814
                SHA-512:F44572E3F5279864321C5B1A36FD90DBFA9DD3A359F0198FCEDCAC77FC4C14D0F552CA4393A39337273E3F7989395721D46069F316D05BA6F7E0AC83597BAD5C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):438
                Entropy (8bit):7.572485163630128
                Encrypted:false
                SSDEEP:12:77PxBDy8/AUNfA2p2+Hqt70t25YM6yJ0H:77m8/AmfX24GU2uD
                MD5:A642DEEF7A0EE3B0C2AA683BF57EADB6
                SHA1:984EE92326F6C076D29C3381F053D330A26B1FC7
                SHA-256:8CBACC87709FC7847B7E2E4BB3BA47AF1AE435F589F1566041E47A104736C271
                SHA-512:11E6CB82F9E49027D66AB1D6726E7C9AF072D30D02E738B56E22A5A26A7A6B2A612FAC7A4B3AE1481D454BFB27FD5210EE69C025D952ECA423E12D0ED62A14F0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):498
                Entropy (8bit):7.58915985312301
                Encrypted:false
                SSDEEP:12:owqsfXbFG4ZBZNDEmnC1IEVrtat6Dyc1t70t25YM6yJ0H:nr44ZBZh3CuOrtatKh3U2uD
                MD5:E089EB3627BF209956326E42EB7D208B
                SHA1:F1AD652C0C151CACCFFE150E70FA5E090AFEB7E0
                SHA-256:DB8D3FC81BF91DD3173520685916386A5D4CF32C2B3AA4DCBC4CD330AFC420F3
                SHA-512:ACB35A84C56C6428791F628774983EB7875CED7582B94F675CE37721B22868D09178CD973E989E004294DC79C610D305B78061F95F99459AE78ED6802A2CB49D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):455
                Entropy (8bit):7.592782160634324
                Encrypted:false
                SSDEEP:12:mqVVjOtIHzfi29kTLO54J8UuNb7K/ZI21t70t25YM6yJ0H:nxTfi2eTL1J81Nb7EI+U2uD
                MD5:B12AEE1D0E914461829DC3AFE7192E1A
                SHA1:D17685FEA6DDAE5C9A2CED96B7D321EBCE725DE7
                SHA-256:BCD59837652F3E33594CB2825A9EDFACCDDA72C0AA4706A5A7AC0C74624CCD05
                SHA-512:1F3A34CE64D55EEE66D47EEFA2653A69FBD8E2AD80608CEBA1EECA78DCE8E14DDECB0B66B272F86DB437A392885E9F7970D2749F108B3A88139F6A787E156ADF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):461
                Entropy (8bit):7.5661122659859155
                Encrypted:false
                SSDEEP:12:mCh835+mb76j2enWPwMCIIoDzRt70t25YM6yJ0H:Jh83R76jnn/MC76U2uD
                MD5:C4F709F0243C719A72604EBF5FB9E54C
                SHA1:2EB4A3DF57D06B0DD34773834FD31D51EB44F3C1
                SHA-256:B94B4224F5EDD1EFD3E9D6C980A68AEA1660ACA653B9DBB846D7BAC1C80D656D
                SHA-512:740FD9947ECE1AACF7855C7A5562082E7F33EC6C78FCD7E127E6F9FF74194CD8944607B4A2F88C0EE5F5DFA9C4F1E050DFADF70FFD2D36C32EF861FB2FE09800
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):291
                Entropy (8bit):7.252358461293994
                Encrypted:false
                SSDEEP:6:wBa98nTm/AY+sMZ5/d+/lnB4l3k4sJakyHDttjL45YM6yJ0H:gTmIYWhM/1B4St70t25YM6yJ0H
                MD5:5E15CD523D21D207D74798735382D9DA
                SHA1:1EE2CFBCA57904ADEE7CCA3C72E0ED486B4F7CC6
                SHA-256:18A93C83F835193ECDF0A4A14EE7783523540ED36471A1ED69DF26EB2A75927A
                SHA-512:7E8721EFAFE6A72F6470A638B56320CB0005CCEAC8E381C4DE69559C2D53E8D684FFDE5EEE237662B4F5C53F4C462224F2E5139AD33835F33E016DE70565BA07
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):253
                Entropy (8bit):7.156674799888125
                Encrypted:false
                SSDEEP:6:qFlRDwt1DzYCN5XKCWb5mhx4sJakyHDttjL45YM6yJ0H:wlRDwtJzYKKB5mDt70t25YM6yJ0H
                MD5:8921FD57D3D6193A710413EA99DF8081
                SHA1:B803AAB6107C0B20BFF01E2D98AA122C877191A1
                SHA-256:9B2D3E4875A2F386E3F31531F50F02A2A1BECA1318DA4201EBF439B1B41C72FD
                SHA-512:27C93F8579DDD8B5187561197AC579C8133DCE11634A38587138B3C1994C747E4E33D7804BF9318B8BD09122EAB533633AC9C136F4E40278292C2561CE8B3B31
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):560
                Entropy (8bit):7.612391204248183
                Encrypted:false
                SSDEEP:12:tkrIk+dbpCz0Hl2ZDtN/GN/V1EAOJYgFH3XQzdt70t25YM6yJ0H:tAIkpAlIDtN/uqbrXm/U2uD
                MD5:207BFEA034CADFEBFFC8B2483F68F7E4
                SHA1:5E3CBD36D29273888FADF0EEBD7A1DF5443BFEB9
                SHA-256:076DF35B5A1042784CC3316A5E4AFFCFD24EE7898B155467A68312906295A86B
                SHA-512:53E5C84EF87D7659C8D07CE2C1982C6A08C950410288284D8CC9554CF23B449611833D6FDB5FA4077812DA5311737767FAEE4C4BC29194869041DF37C9198926
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.125877044247516
                Encrypted:false
                SSDEEP:6:AlANNzxseC+wMzoHXeJUHyC14sJakyHDttjL45YM6yJ0H:AlANJ9CWzaXpyC1t70t25YM6yJ0H
                MD5:00E1C1203DD72D8365F413B6487A0774
                SHA1:73A72577DBFEF364EE223159FED39D00A5BC4AE2
                SHA-256:0C29A8664137910D6B476DA2D906CFA6F7EE0F731A4E0564164FEFEE611334F0
                SHA-512:09D5635CD014AC296D95F9BBD89839D5248EB83B77716E10C6F3B60FFDE070E37C20F95C84AE38896E2BD7F2A1D013A29AB2728C16AEA5C1C3F556CD51612A64
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.237917871638949
                Encrypted:false
                SSDEEP:6:JDq3xZjMpe59RAU8ksN9Q7Yy9p0si4sJakyHDttjL45YM6yJ0H:UBZjp/spafit70t25YM6yJ0H
                MD5:682963DDB15FE5CE0173D1E278D29345
                SHA1:0553EA3441B7678FAA1FAC9D7214B6317A25F93B
                SHA-256:F8B8137B04898BD69269FF1B7ECD829554C0A17DEC784886AC0C482CDA0842BB
                SHA-512:AA2C3EC3A0A0D7C791A01E675139731271B55CE7729DA3DC5719DB0902B832ECD5981E6D5A30B9DC1F070E86250EDB60D4FD82A876465B96BFCE39817C6919D7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):568
                Entropy (8bit):7.6233930128022065
                Encrypted:false
                SSDEEP:12:8r3QdgdElc1kxbDulufiOgB8Jm9rHbMHTsI2it70t25YM6yJ0H:8rAdM9kNylx6MxbsN2+U2uD
                MD5:649E28E34F9A971BFCD3DF224099DCE7
                SHA1:1FED263C756D96B4E966E9716B9B77B095FB8554
                SHA-256:75173CBF214F9C0A8B3A97F7A576E35F2CB0BE6356670156DCB49C72CCB0CA32
                SHA-512:38566ADDCDF23435CDE952AE18EA5FA632ECC862A4A5BB4B0A87D0BFB1F750C7CCE1F78F579B481BBED23927F2D5BFEA1C960D4E93971A8C715177E05EB5E0B9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):763
                Entropy (8bit):7.701752524452756
                Encrypted:false
                SSDEEP:12:VsypjaLD4h6KZd/8aO/0FRxdISZ8ON6BVbGK1t70t25YM6yJ0H:XjkU/8aO/0tdIVtSKU2uD
                MD5:231CB9C94203EB8D7A1FBC281CAD14AA
                SHA1:54CCE7FC49F8CF35F2ACB7A48094890F923CB66F
                SHA-256:40D175D854EAB4D19BB66AF55C7F51A9C7F52EAF1447745B9085172173A4E8E9
                SHA-512:042BB512CB9DBEE155E9E4BF0D97B9895F121BC828A60DE3087B8150E8B4FD2069802F8CC357DBAE1C0DF84359B12F8F262FD15F61DDF0D7D7FCF156FA2C125D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:DOS executable (COM)
                Category:dropped
                Size (bytes):37113
                Entropy (8bit):7.995328794751305
                Encrypted:true
                SSDEEP:768:M2m8i1UzwCn++N0g2morSSEAuwX+yFh9dECHlYW2lkHmJl67wKRab:nm8icGismoreiX+yj9dxYQGJcbcb
                MD5:8D34BA64FA5F21EA2636A7386E429B62
                SHA1:F8B16685161F9AE761A193F61F4397C0D6615EEA
                SHA-256:016CB6B9FE4018DC1B9AD75792510C9D16AE9A18E5EF05BCDD8D079EB6DB1612
                SHA-512:6D210A247E32AADF6343EDA11C9039FDBD14AAD0FCA823923265EF072A7C51FA28A94D5D7CE33CB799A2478DE980469F5D9ABC9DC521435D2AE7145DB0E92B80
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):20712
                Entropy (8bit):7.991208713235258
                Encrypted:true
                SSDEEP:384:XwOowm4ThwNe/5nyJmYJrp3D4MI8jLg/cWuhcErnryddXu//AQv+HWy4slt9:Xwxwrlcew/D4MZjDeE7WDOAQv+HWy4sJ
                MD5:93A70C9473182552AEC7693D233F3511
                SHA1:4B0622691BD02AF54BCFD72855C27C9C5CD6B5E3
                SHA-256:6D8650A874B30E8FC285A0483713920477101EF4380FC6BAF6128B9C0CCAD330
                SHA-512:C8E70067C6F0E99AA80A5471250B0474FE49F4B0D6AF3DE295E70B5CBDB3B491D20829CD1F7B2CC1E39AF0723841C6F6977CA6DEFE854D3C8741FE0598D382DC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.282988145498182
                Encrypted:false
                SSDEEP:6:w338idsw0TAU8RzkNJ1aP2YSZ4sJakyHDttjL45YM6yJ0H:w338vw0W6ba0Zt70t25YM6yJ0H
                MD5:5FE11370313E5C4354E48A70EA374F13
                SHA1:7B7E90020484AEA9A959DC91D4B4966698ED4877
                SHA-256:2A1DC1296455A2F2B3ACC35207D1C1C2136774A59AC5C166B32C9967146C9EE8
                SHA-512:B96D374EB21BCD465EAFB6C0EC2D7E90D48D065FC9457FB7E3A143E8ED40D9B8A58A9F7241832BA49310929E16A067F8944423FB3BE21568E6D7E48F9005C8FB
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.189474387735958
                Encrypted:false
                SSDEEP:6:XpileMzcky1TAU8/U4dIqooT+qDIO4sJakyHDttjL45YM6yJ0H:XpileLh0KEiqDIOt70t25YM6yJ0H
                MD5:7E2216A8FE0F80D302A38305E8CD1BF5
                SHA1:88F38B68974FCE64C8F32A1A2BF23DC3D51224DD
                SHA-256:588E6923363A300C06155D28B70FFF8B3C34EC660BF2C78D4A827B22A6D200C0
                SHA-512:766D0BBA133C34F78C97B2D8653DE4AACD2CA6C0872D60D863B73E2E8F983D16C6BB14C0E7F92ACCB0E80BC7644C42757C30D43319E434B3A848ECBFCB037698
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):3846
                Entropy (8bit):7.955109500409233
                Encrypted:false
                SSDEEP:48:IkEpk39WZMB1DfDBQv34ohoW+1Nd4Wu1FawuuX70w+tkqGVa1ioI5QGL46kAoyJq:IkEBZ4fWAoqWtiq0FtkcWV46kXDSPSvT
                MD5:DB5F643ABD9ECBA92A99EEA4CCBCB1BA
                SHA1:A112DC56DC9DF8C92C3AD5C9006361AA996BAB5A
                SHA-256:AC0B03A558D15B271769454AB6DE75CC01C272E2F24987D2EC5145159C1DFABF
                SHA-512:49C323380B4F47D0D63581F75649943B31BF64A6AFBF537BB39FEE72F301741EE5E2A678C081701487A2D33D916D27D45F54C8B8172215EAC518ED1E4A77FEEA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):556
                Entropy (8bit):7.632856244953494
                Encrypted:false
                SSDEEP:12:N9HrEYaC5Xzf6H20KqjOyY/+RopleuUGiHX17lit70t25YM6yJ0H:N5x1zT0HjOyBuU7h+U2uD
                MD5:660287FE5DA292504495A44977A2463C
                SHA1:53CF80594014FB588E1543D8FCF803CB9379A9AB
                SHA-256:2BEDA20E785293E6A0BB27CE2138B604BAFC6A7558E5BCFD71682F1E7C841581
                SHA-512:F5651A51706C353D7943B712F010E62A68D41A1A6B1A72006A5C95D24F08E93F804EB0D0EE9DFDEB1ED0508791051895395899BF657DE977C596E28D8D7762B2
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.176643538061156
                Encrypted:false
                SSDEEP:6:UeMzzxseVjZ5/AUp1g+34sJakyHDttjL45YM6yJ0H:F89ZZhAeg+3t70t25YM6yJ0H
                MD5:D6D34EB3FB36FA51D7D1028EB9DB3D48
                SHA1:EA92BB8E1623237B7EFBA068D9D3B7AC8313331A
                SHA-256:AEB47477FAECE890FB4D205A1B17EB916F3AAE6ADF9756905E05FE62F082FCC7
                SHA-512:52410D7B60B0A1214A72D3CD93C363BA286848701A709A5C3B326F1CB0AD50CAF922629F45ECEB10539877F459B571EB86D7B2BEB975B975B6461295AF434604
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):548
                Entropy (8bit):7.642395064337655
                Encrypted:false
                SSDEEP:12:fZByOSgy0xzT4w8S7n+pHoCJ8Hlv4jQxk3jhVVCYt70t25YM6yJ0H:fZEOS1Skw8S7n+pLJY0QO3jhi4U2uD
                MD5:E9A63576A2F4615B16C5196B51E81283
                SHA1:73568318AF9D5D5B6183B8B967EE5BE1D7835BFC
                SHA-256:FCD3F3282A596FC84BCB4602EC27F646B6C5532E7E70D0EB4278FA5A319A065E
                SHA-512:DD1B4C26C147E8C9BAD19C1ECDF635B98ACDB068C70BB8F398A0C3EA9F26F4B4185FCA223133FCA9F8C85F0B52E486B1301C8C2ACC3BEF7B5773B1EAD975C69D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):519
                Entropy (8bit):7.565008829725644
                Encrypted:false
                SSDEEP:12:x00JbrqcnieLO91Kg06MyabXAQWOu99Kit70t25YM6yJ0H:x02ni8p9bXAQOZU2uD
                MD5:2FE8048A54122E74899E88938FA6E1EB
                SHA1:5CD1E1F835B067ABA40E815D1FF1A3C3295BA596
                SHA-256:64C149D57BA46110D4A4ADB86D1D6956FC319B0CD48DBB42CFE7007D28110881
                SHA-512:3A48CE8108403F08B09F2E9BA8C3965FA3D7049294014D91361747FF4765E186D392C8ABC00D7DFACB534CE7D630EF79891A66C0B7E0100904EE44E55381C61F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):131313
                Entropy (8bit):7.998683696564175
                Encrypted:true
                SSDEEP:3072:xbd5STH8K9NLRiVEQleIHNDZPFT7NA49HAUHU4MpML:/5STc0ihnNDRHA4uU04RL
                MD5:934679EC1A7AB00C8724269D5F756838
                SHA1:F9C7B883456940045CCCE0E9F3CBC2E887598B85
                SHA-256:9EE5A19322083EE748130C7FFCDE8A51C374EF09071124F026291B1645FFF5BF
                SHA-512:482D3ABF65DD28AC8578CDEA45161C3978071C7C4318CC8694D77AFFBD60F0F4FAF846FBBFEE7690BC4A209049A99E2DDFF8528BB30F87F34D26B1408F2DB2E5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):287
                Entropy (8bit):7.310907797605055
                Encrypted:false
                SSDEEP:6:KlBIXd8Tp68KpPIKwvcwqoau7Iyi4sJakyHDttjL45YM6yJ0H:O28965uKqau7Iyit70t25YM6yJ0H
                MD5:F67681341EF6F226EF909C9192752655
                SHA1:C687EE724B0538EB90631E3CB0EFD60C85B770D7
                SHA-256:41BD319435D80FE7C374F73E606D409353CB8048198F8FCA4A7C30A1ACB9A7BE
                SHA-512:E999EAD1FF26259AFE5F063B183ED0583AB1F805EE91914E00F9DB1A6EA1508EDA31EBC18C1F9430638AE24640B449FB60A6EF73D268564D8C41437E56C9DAF6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.129323628813134
                Encrypted:false
                SSDEEP:6:9oc5zxse6i4Sbpic5sRO4sJakyHDttjL45YM6yJ0H:9o+96O15sROt70t25YM6yJ0H
                MD5:B994E4A128600DE16BF21295D736C1A0
                SHA1:2301EF94273DCE9F3883064806129508486C0404
                SHA-256:9D0AB8C3F5DC2FD989A89AC55EB9538D9D093FA79FE03C43265C7E82017EB4ED
                SHA-512:74A6E4A480265179168A82FC127D688EF9F84FC12EB3F8E7DDF341E7BC12B44522F67EF232A25AD4A61E74281265E3739C52876B14CCBC5120F2599D46BA2C06
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):510
                Entropy (8bit):7.481490809729682
                Encrypted:false
                SSDEEP:12:7rTtGzxohokg6PUgolB0IUh6tVt70t25YM6yJ0H:7PtG7h6Ro/05QlU2uD
                MD5:625D172A0F857392942C73E4A4509107
                SHA1:A5CC9430ECD512EF6F3BA8C05C02AFF976BF26C0
                SHA-256:A7AE62EA88D120179E61818574ADD851D7216477B36D49594E5494A4C6B97E78
                SHA-512:989428A1467F75DEA3295D90AA99F96CF98146546D97E8EAA11E82A6E201ED308FE954D2BF0988B4224F8E741A691E393608DC61EC4D96937765A5FA2E44EBAF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.280903020177396
                Encrypted:false
                SSDEEP:6:xphL5iJAU8e6Fr1bd87xO4sJakyHDttjL45YM6yJ0H:xphLg2t87xOt70t25YM6yJ0H
                MD5:B8C2C48774D2208D0DB04858BDDB735F
                SHA1:146486C49A2076F959987E0B714413E6CE7A3C7D
                SHA-256:2B8485B3B613AA8AA359EB6766A490F8DA9090AC5E6969DF670F87B46944FB0B
                SHA-512:A8EE75494CC935D1A59E46A7E5A436DA34A7AE9A3FB9E34735A7511A6C3DD9326F6CEDFEC8E98944416CE569AC20B1D8F86AA844D41D7355B5F29D8E1BCFDA72
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):359
                Entropy (8bit):7.4921233819571205
                Encrypted:false
                SSDEEP:6:dhtCN1CobevcXPKCPZtYbUJ3kE3bWkA8Kp5Y4oAj/rFCzQk24sJakyHDttjL45YD:dPETXyEYbmkE3bWb5A4ZA2t70t25YM61
                MD5:D8378E6FFBF7EF3076F2045DF9921EF0
                SHA1:613666A86B8D83145B996B9049A6FEDE041719DF
                SHA-256:935A4EF6E9596341D04B8F51CE1210B143EC7741D561B8AF9C5FC95E68FD6B2F
                SHA-512:C74DA6708F3748920C68A1DE23EC602B5C442B9E6B786171555787144E45D2C9C2190B2E762880098A274FC2A1C9C7FA790C62CF00ED604FBF64791D51094BFA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):528
                Entropy (8bit):7.607238208748494
                Encrypted:false
                SSDEEP:12:CS+kI9sPU42SAwUFImUpxOoOn1+m7Zt70t25YM6yJ0H:CJkK8HrUFYpxO5D/U2uD
                MD5:D62D272B1602D804E985290467A94231
                SHA1:0CAD22AC981166146488D66BF8D3385FEF0BCE98
                SHA-256:517CCC6D7802D72DBC5195E3FEDD71CCA7196D3D1BC5B2A91555A18910E23851
                SHA-512:CFCB8788DECB1E37051FDDC835FAFBDBBB293B96A3754B58C04B1EF4E2D4EB0871DEE66643DC44540DDAE4C5A9E2EB1E66F9A8060294C2C3682869D092ABC2B0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.266630581953694
                Encrypted:false
                SSDEEP:6:3vvnQFywCTAU8Qp/nNvGHWkO4sJakyHDttjL45YM6yJ0H:/cyl7nBGCt70t25YM6yJ0H
                MD5:AB17F8762F3EE6B3DC156E8A30001896
                SHA1:F0E05BAC8765EB99C981B07A64C7B4F131519C76
                SHA-256:E540EFC6BF121063BF8C3ED6BE5E0411728700DA318C39F5B3EF9618C3A1B31C
                SHA-512:142F97A148297C5E0B5D5512464FCDEDF0A924A397AF8545D9B4EA0557C53E715526A6DDD86AAA5CCC56841E29220BFBDF60C2D1399521A1BFC4A03D6D4F906D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.092655951676843
                Encrypted:false
                SSDEEP:6:UzzxseknX70M/MnVofXzx44sJakyHDttjL45YM6yJ0H:U9FM/MVofXqt70t25YM6yJ0H
                MD5:5F381EC6ED9199CBCEE5FFD10440FC0B
                SHA1:BA7D1C24E05C64AE9A7610ED666335CC517FDAD4
                SHA-256:6F6E78EB5DECD8B534D8A7CEE82CD37C784C8D19DA03F2D996B1CB965813C72B
                SHA-512:2DB0A82F3258843B07C101EAB6FEB9C7EF2FDBDACD648220F9A1163D642D28C6B04D7EF9C34FD49D40F55B9C8103E8D7C943A7E6FE182A0B2EC690F2345A320E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):527
                Entropy (8bit):7.584533924586518
                Encrypted:false
                SSDEEP:12:j8dsDfdq8AlDlVb3+iy3MkXEz+Tll3IxMmZzOmt70t25YM6yJ0H:wdgFPAlDr+R3xBw6mgSU2uD
                MD5:1EC32FF595E60A4A6BF9D8DDF32608FE
                SHA1:251FFEBF667869EC64856A70FD54BED9C2B71F9B
                SHA-256:DDE623B718DBA04046631640C2ECE4EDF42B3200F241DB191CC5F4C3B7AB4B6E
                SHA-512:5FDB757368A0D5A94E7DC992D956F15EC7B1717360828F9717C81EFD42237E847B22539CFA047742020300D168C528FDF928BF57C1EEA15E3C71345EB62CD0C4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):731
                Entropy (8bit):7.701080360675393
                Encrypted:false
                SSDEEP:12:QqYxu6gp80/17EPwOq9dHwDrfssrW5ftgBRZSqT5sP5lE9D2ZQfovzO5g6Zt70tL:LYxyp80/5E4Oq9dQDFK5mBrSqGnaAvz3
                MD5:F57A2A98C8CEDD927C109F0A603077C9
                SHA1:C0F3C34641E2F58E7C8B3BA8FCF05F908305F99E
                SHA-256:E279469409C028ED676A7CEFF12ED266750837776494BCB7F37F4A187F45B693
                SHA-512:9E9F37B78E24E4D0D0E1B11C986B3514F4BA6471EE3520BE44AF3AE25E2ACF1840291ABE354021703D43FF95D5F79C4662B2352E5D64D94EE3FE1FA7BBE072FA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.20692488888506
                Encrypted:false
                SSDEEP:6:ruBzxseOlFYCQCPL3nPO4sJakyHDttjL45YM6yJ0H:y9OTmSX2t70t25YM6yJ0H
                MD5:5FBA45C9ECF527205267A8A1F087AD2A
                SHA1:155DC84A36376E8573C28E91A2986B32AD1E1DB2
                SHA-256:E90FF40314EF78BB85FD2C2130DEEF0CCD35677F3F43751B2A9EACBB9173D69E
                SHA-512:DDC4E1B007805B38174F888D88FE2948BF09BEF059A1A3FF7723973161CC38DB2F9A4B627F767588E4BA239B43271753E2E678D759A604397A57B4C6B5A8A5FD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):731
                Entropy (8bit):7.728163158345874
                Encrypted:false
                SSDEEP:12:2JvK1WecE5ihLeqOUbnukrGo+3Ryez+2TeilE9D2yKzZt70t25YM6yJ0H:cvKCj56knk3Bzggdz7U2uD
                MD5:08A87592C4D4B2FD7FE184283CFB6A60
                SHA1:30836064C891C90C5AF4B2A832943682A3BD9FA1
                SHA-256:C15871B616146B6B120BAE8900FC39937A24EDF3F715C4BB5EA48C2A568A034B
                SHA-512:1D0A70570663C2D5BD1497AF4122C722C25BEAB9587D61C30BC97B5A65ADA94740548F2CF58A78E1822208A30F084CD3C575CDD9898A701D54E4BDA1299D0891
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.295252014710265
                Encrypted:false
                SSDEEP:6:KF8ZJy1NLAU8stRzS4sJakyHDttjL45YM6yJ0H:KFq8rPR2t70t25YM6yJ0H
                MD5:C494CBB8786BE54F7A7A3CBDD57C4F62
                SHA1:3F1E2636E6EB07B4319C1F1D60411F89E4F44C39
                SHA-256:6B584798C62D8EF7924B73910E3C55E15E8B8797B6E9B603B03974EBE4A736DC
                SHA-512:1DE9AAF3C312D74A0D44A6C5B0FF5D0F94FFC3CC84F1BB3E302A1FB0D94836D3A2E9F4DEBCA1A19D7C1768D2CD9AEB35063E037872B015CE6B4A32BEAAB7DA65
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.975027203238447
                Encrypted:false
                SSDEEP:192:W6kYWuI/ZKI93PCnzNwKAxQvB+6GBiDWcoE6Uxnl9Y2sm6CU:c0I/1anzdAxQvBbGLbUxnyCU
                MD5:A67CC4DC29876242F277BC058B6D68C3
                SHA1:02AF3B588D9253F72EF84AE057815EA6803055C3
                SHA-256:3E0E613C8E1D1411991A8723AA15149F60D9E45D13EEA0B5840E549A02DEAE97
                SHA-512:6D08F26F7FB7F070566E3EF660FE6108985E51F8233B68200DCB172C880127F0C368296BFD31CDFE4D1F9061D52981E16EF5B6651504358D5226E95AF3D9F27D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.977867252433118
                Encrypted:false
                SSDEEP:192:zf/fsXja7MDctfma9oWClEVEhv/ZyvtqECKDZKAZjTA:znEM2aeWGEVEhHsFqECBkj8
                MD5:235BAB6C5C931544C137EC0519E6E224
                SHA1:76724F26F857735EA03C8E3E2B945211AB286955
                SHA-256:216468689BEA6B39514EF02ACB42CC0C524042FB3D5907E4DB41FC81E6819817
                SHA-512:8C054F3CB0B3C0F2EFB59F193B39BD865B16905648B89A2D3D2B5D39D99100877C7A699B12FAE1588200D79CA8280121C65C0D1F31AB6149FBC5207D05D5E0A7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.979587207142469
                Encrypted:false
                SSDEEP:192:AmWE/pCqERGrDvDA27YmYqR16NwYeDodM1NHbr/Pk:AmWE0dIvDAQYmYqaheDEQHfE
                MD5:E6977762C2499C1250365167356EC18D
                SHA1:A2C4EFB782BC2194DA021C6E873648DA2187B43F
                SHA-256:1DBC8BC1E6A8088660E32060A8DD270312020D6AA86E7D6D476AF9C2B6FF3E9D
                SHA-512:EA59445C30625A634B6C6A1C2B8DAAE05E8A27AC4043DB7381912A6C5DA1D2E45B35E1376ACC51454B64761123F7DB0C537FD76E29834D2B65BF4FB301FFB384
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):270566
                Entropy (8bit):7.999423205733604
                Encrypted:true
                SSDEEP:6144:Nbogpn2ncP1+3UtVIgYqZnh0M2DGhN8iShpLgKa9nhu:togpn2cd+cI8ZnCM2DiN8iULgKa9nhu
                MD5:E88C1DC3A328446F315B59D5E660FAD7
                SHA1:ED3F912A84D0FAB8CB588616E7326CAFE2AEE8C8
                SHA-256:041C7ABCA9286C762275C728AF49E753B24B0C0F88A0AF0564A684CBB450B667
                SHA-512:B1ADFB0094B4B0932CC9F5D92375F822221E4E03FB1ED38F09D9CEB72DA234EF2AF75E4C97017AF370782135F936282148D9B6E222D0F52ED4B6A966CCEC91C7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):262741
                Entropy (8bit):7.999328031565006
                Encrypted:true
                SSDEEP:6144:NIg3PiLMsiEgtYbdsa6zo/Fs3faf7m4LEbfsMKuXds:N76Y6bKax/Fs3fKKIEb0MKya
                MD5:3661FD81CC32C9D92B351D4F7BBF29B3
                SHA1:4B5A0968B8F565CB153606DC3BC6C7BBB3E503C1
                SHA-256:7BFF0F1CAEAE4BA2988A69F76B5B890B40E47CF07951D2D2BFE414550988FD14
                SHA-512:E07C8DDB7A59B111CAFF1FD2A3927BAC264A31B5CC83B88E55EC6B154AA645E212B0BB952690FAD58EFC4785A9EA1BDEE496E25D82627C37B09973D9D71F8841
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):457
                Entropy (8bit):7.49649704685102
                Encrypted:false
                SSDEEP:12:KQWQGAKhFbSEaRnz2I70lZ1tGbREzZt70t25YM6yJ0H:KfQPKhJQrStGG3U2uD
                MD5:8FF25B88361C8968051772683D7E1F62
                SHA1:DA77EA83A83A25EE8EE4D9F59D17CD974F00C60C
                SHA-256:9B9C2F55C6F9841F0A2F7CBBCF05F7F5D8D01CFAFE27AC67ACC03A1B6C50C3B2
                SHA-512:6E83D2692CB959C8087D5530FF0B38690631B5810866BDE58DA32567A7727CA6926ABFC1C691CD7DDA082EBF2B9899C86F25F202FCC98C188DED3C7F42ADDC77
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):467
                Entropy (8bit):7.603856598447266
                Encrypted:false
                SSDEEP:12:9xuzlfuZ34S1iJ4b0MgzW2sNauZEbit70t25YM6yJ0H:3uzlfuJ4Se4b5e4su6b+U2uD
                MD5:D0579757EC585762732268A9C039D0E4
                SHA1:86893C46615E3E347F6AD1A8D31C471CB98094EF
                SHA-256:830AF9CC203B1EA168622378148C52CC19C07C033CC4FA9B6C6ACE88BE07DA40
                SHA-512:E10F094B3ABFDD8C140C064C2F22F28C6E63EEE1710475EDA73C219754F54DC605E5FD43230772779A40ACB92668271703575ABB921FAF00F4101BDA163569DE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):461
                Entropy (8bit):7.58771347210313
                Encrypted:false
                SSDEEP:12:ZEOCyNTFZdHYrjxXb2MpDDRqP71t70t25YM6yJ0H:ZRTFZVyxD9S3U2uD
                MD5:66B71313533BDDA90601FF24F7834786
                SHA1:68EA630381712260689195232EB346906620F845
                SHA-256:B2B0080B81C049D767D1B825EF3AB6DD831B7D30FCABF8A7246BF2B8232EB81C
                SHA-512:A311CA8E46DE6FAB7AFD729000166C14768697A18F8242031721F0D10303F4773C32ADDFC2C553F7A41E60EF9FA9E87F35B51EA6DA4E87F0CFC65184A583DBD4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):498
                Entropy (8bit):7.660067626744856
                Encrypted:false
                SSDEEP:12:88V2btmVBn/d5Qa1IEVyI3SXcALvdJt70t25YM6yJ0H:88VekBn/PQauOs5LlLU2uD
                MD5:402929B33DC06DEAD77D4BD4444DE44C
                SHA1:C84680048CF122CB2D75DE622B890F41AF06742E
                SHA-256:3B8B85D6D690FDFE9EB0351CB3F61C2DE715F1F2A1EB6112A2A64C4959BA7CA9
                SHA-512:A337C23049050C0AAA9E7D69C7799186271A2E9F259BDE400C05B67C836D3FB90BB96CAACC09B90C822D87126D371BB86B229C53532CD12715DD7371EF0ADDE1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):458
                Entropy (8bit):7.574654908190242
                Encrypted:false
                SSDEEP:12:glUG3UCWP+P+L8/SSg1b4sAjl9t70t25YM6yJ0H:g6qqT1b4VjlfU2uD
                MD5:F4D37DA8A6D8B3C9D94D73F353D542F8
                SHA1:958748DABED28FA0DA256B04F8BA7CB7FB68B21D
                SHA-256:F9E5211BE472E2B82ECCB17C67A9CB51734C2874EB51AD99B0AECC5C81B71EE2
                SHA-512:C31B0813C3D3164566BB577A8743B42CBFE96A711AA963BBBB5DF67B9A1D564BCCD48A5BCB19A7588083B082E9A9E084B4A345DC6F998FAA2A4891633F689673
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):466
                Entropy (8bit):7.5520744237642266
                Encrypted:false
                SSDEEP:12:MSKiFLtv7YWZt/UrZuqURZt70t25YM6yJ0H:MuFF0WZt/UrZY7U2uD
                MD5:75B85F9282C839D818FEBCF59692361F
                SHA1:AC33EAB3E8858A33087869B92A05C886A8F8487D
                SHA-256:F3965FEC302A1D8ED277CBB7BF6769706380A4A21285AA7694E9083BD760ED06
                SHA-512:9F7CBE62F65911852B0C4314BC6E7E53F7B7215951028457F5862BF8C5FF72285BF0BFD5787DA4CE69B468FD754BA72BEBBCD628245704BA81BACE6E08BD8334
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):438
                Entropy (8bit):7.528318547264953
                Encrypted:false
                SSDEEP:12:1+zis5cKPemZ9Opa3Cz72RIsafA2/zjou9pt70t25YM6yJ0H:IiI3GOO3qIJfpzrrU2uD
                MD5:A8ADEF3AA9CE6CA8C4FC42253CF3532E
                SHA1:8EEA09CC6B204E220A6CFFDC1AAD58AA9DDD92E3
                SHA-256:0E523794891AC58CE8379F2AF3CDD33456E2F542F55118784830D386C760D351
                SHA-512:5770C95B4662EED2B725B405764687C39B138BDA9FC1D1B9F8784918185EF6B00EBC8035B262B3330F94C5F7C13BB9813E8EBF534EA74CA7077A036F438217BD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):478
                Entropy (8bit):7.528843070940959
                Encrypted:false
                SSDEEP:6:ULHjtxvqF7Ysoo8aeGQ1g4HG4XhRtQMuXKtkc0ly2qVB4sJakyHDttjL45YM6yJm:ULxpg/1slZ3DuMVpBt70t25YM6yJ0H
                MD5:72D620478712B20DD9C5F4F93095E896
                SHA1:7F7B598DD6324C026D3FF154DBE627EC870A2E87
                SHA-256:CA014E6832B834AA542B9046956C8790A0D8019C101242704AB899D4739D7CF7
                SHA-512:D254C637CC13FA2062566456EC9643064474915D997598FF69A3151B63E3A2041AE4BDEF2EB4E17C06D9C71D6B9FE0D5640DEFBAE6CD802B5A385FBE397BFC46
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.533692231364385
                Encrypted:false
                SSDEEP:12:gV16Hvzsxt2vD13HtGbLqbBJfbGo+XKt70t25YM6yJ0H:Pw0v5XtGbLqbfz5+2U2uD
                MD5:A305B9B67BD322C75886118CA6D9D3F5
                SHA1:3D076D4F2ED13A2D0C0612699EE5DD0391599A05
                SHA-256:C78549E882339D3F7FB909A4BD9EC256D8B0FB622FE4352E6A691A5EB768C26E
                SHA-512:DC8AE4ED5B0C640B35C6A8BF5F746282783F190B60BC91B4592D06D6F3FDAD5A1A1ACEDB068102FE05B407749623E444E1E4969FD8DA96347907A66EF41BF6C0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):476
                Entropy (8bit):7.618161154281126
                Encrypted:false
                SSDEEP:12:4PndodL2GVifg04wfJ2mtYFKuBdUjK/Fdjt70t25YM6yJ0H:4cj0J2NtFdZU2uD
                MD5:564A1DB2B2ADC7F372BA47C53908A325
                SHA1:3C5E888C381B0AEFE79AFC137C7747B42D6A1A59
                SHA-256:D6C078AFAB1ED394D560F074E24EE1F9347BB65664341BEF53006798750BA0E9
                SHA-512:2E035C45305FD1808F8B07935557D746E0075FCE8666204DBB7A0FB16130C0E61E29C399D33FBC94886289579D4ACF558EFA5DE9ACAF3C11E787869714CA1F92
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):464
                Entropy (8bit):7.575927346546084
                Encrypted:false
                SSDEEP:12:SPPzv67WEc5bDGNJzyW2GaMvhit70t25YM6yJ0H:SHzv8JJuCaMZ+U2uD
                MD5:8DF5A44C8AEE8AA4E0EDC8953F777F56
                SHA1:B27FEDF89325C8B9E83395F34F8984D8A7B5C6B6
                SHA-256:AFEAE0044FEEE587DB0DE57C9B033C9308DDB847FFD7F08EAEDBE4455E608E79
                SHA-512:FD22CC12E5A6CDC6A5046B3962EEB9DE96B8859F71BF0F63D18076EA0D181533E98B9EE6AA939E336CD2A97AF0A1D1F0676098237354713CDFB9A8A14AF9731A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):438
                Entropy (8bit):7.537382479542506
                Encrypted:false
                SSDEEP:12:m8OLpGnK1zM+na60BapMEtWxt70t25YM6yJ0H:mjLpGnKqS3a5EuU2uD
                MD5:C01C8986019D26D6762306FF6AC74727
                SHA1:FA63D1BC30224003C4607173ECCEE4C0ED1FE535
                SHA-256:4C3E994BF68F790D9CA89D18E1B068FA7634DF9B1D4731851AA1C0A761D48D8F
                SHA-512:D41CA9CEA72A0F5C873F36962AD6B029A7E1CA039AA89031C0DD3F86DCDBA45C902D67E77468DA018F713607F2B2091CA6425D8F7C99B1570C34F79D3B50AEF4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):461
                Entropy (8bit):7.565209465390415
                Encrypted:false
                SSDEEP:12:rPyTQe4IfQiUxDdIIiVMZkTbt70t25YM6yJ0H:rPmr4iQ9zGSkdU2uD
                MD5:B9CF90DA0FE24B4BF976E5C91F26ABF2
                SHA1:D6328A353D42989780A9AE4DFF0FB006BCA76C88
                SHA-256:76DEBA02023D126F02857D0F1503871F2D29DF7C209ECEDCCA2F182A33CD9112
                SHA-512:17631F55130F7245147C4A2D88CDAB49359B4E5A344020E9AC29AC92CE7AEC2B2E4EF1F3E054BC7C6C8161260499CF33300EB4042D86C9D6CCD8E5B21BA425F4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):253
                Entropy (8bit):7.240647576559412
                Encrypted:false
                SSDEEP:6:huYit01DzYCBCUQzUa4sJakyHDttjL45YM6yJ0H:h1JzYCat70t25YM6yJ0H
                MD5:917687CF548D1D560D81AA5FC23E8020
                SHA1:A79BD0A5EE944A46EE60FF13C18106DD8FEC3C9A
                SHA-256:F335E83D040F136D48013D2ACF9F72F0791C869F3734DB18B4E79BFB68FA308D
                SHA-512:483073A04CD9D527729C93628EA64371A7BB5174B10EA2E3D70FA231554CA7841AE138AECE952DAD0ED2F8102938E17073F1C5C8E79B1BC282DDA39CCDBDFC2B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):455
                Entropy (8bit):7.533914281151701
                Encrypted:false
                SSDEEP:12:C5RnW9+hNO05oStoGhpnRt70t25YM6yJ0H:qRnW9+rOSoSzpnzU2uD
                MD5:C84E256990B64F0B22C7AD156A737DBD
                SHA1:688773859095567B5D9E08F9CF72B6C1BD6F7498
                SHA-256:DE8024D0A68B9F66B2F756B7AFE49EFC44A3C388259BA1C575514D80DA66CE8C
                SHA-512:B130400D7B4143C552E05429B4E97C9CF32E19AE1229C73796D303B613DE05483E553B0C148C36513AC2C8A6564A68B272F96F08B401D1FD86536C9259863FB0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):462
                Entropy (8bit):7.602261481962863
                Encrypted:false
                SSDEEP:12:7RqqF3WxZl538fOqTzfXL292BlZLK2t70t25YM6yJ0H:El5+OqfJlLKCU2uD
                MD5:39087E57AE7310C86AB9A4863650015B
                SHA1:F49E66993251090A9819AD599175FB05A9FD90D7
                SHA-256:337054017E0663B5250AD9B8DD172CFE9FCDFC6087FFD64C59844F6EDB336373
                SHA-512:9E091AF60398674894B6FC44FD7431A6A2870675AB0087267AC2929C45367EFD5BC93B2C75B884D198564C122BE15221F2BA383AF5ED367ECB40C964357FCCCB
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):497
                Entropy (8bit):7.587973868791112
                Encrypted:false
                SSDEEP:12:8C/p+eNBiQgkXyqSUCBbTbkpZFfC1t70t25YM6yJ0H:8C/pU3kXyqSVBbTqFq3U2uD
                MD5:90D9785BC252BB35DC549F5D47ED52D3
                SHA1:11698F0DB1956F240274EAB33E8C0A97CBFFF664
                SHA-256:13CF45007FE28FA0331C7A48F068A5A0DAA4A611AC0B29A1C514EF91685B5985
                SHA-512:375850ED416565324DAC7D7CDA81BD9501D181482187563F60F9AC6B1C2D7A302994B0A9C80C33DB6C0B27CA757D6FD9DCEE5C5C40106E275F97C080A7485132
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):431
                Entropy (8bit):7.447514137132718
                Encrypted:false
                SSDEEP:12:va0oSjc45+AChYloPJKzlcJTabdit70t25YM6yJ0H:log+vOIEydSd+U2uD
                MD5:AFE03CAE8AA86C8C88CA18E0D3924093
                SHA1:0ABB1499D4EF101F6AEBE8BFBA64E9A6C0AE9B4C
                SHA-256:5BCE9D71809178EC2A436F61E230768F60976048AA5C12858E551145A99FF65A
                SHA-512:C745C76414FB3FBD98AEDCC9EDDFBF321636768E55F83EE3B064339A6157736DF3C8732B1CE3719B0D689DD915DD62CFBE2906AACF85EBD8F27607BAF5C1BB78
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.561691214025864
                Encrypted:false
                SSDEEP:12:5u0S+PCsf9rJQGYvXfpBCKd9RA1bCdAZ1t70t25YM6yJ0H:5u0zf9NY5BCKBAbC2U2uD
                MD5:2DBBDC25C97B8FB9EB90CC6F7B775197
                SHA1:89F137AFFB604AD152C415397E48E260B023B771
                SHA-256:49EDA84154C23674EB84BE630497F59433503CEF76EE576BCC48F562EE7F17B9
                SHA-512:5D429B0E51A71169531CF12C9D555EF76E04F674B4BC8BCECA3501292C657F5EBB3CF52791C8B103C8A9FF7E325174E069CC845B0A93B24F57D31C3684478948
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.595517337994238
                Encrypted:false
                SSDEEP:12:TcaI+Le4j3czYyVOsXI1TBFhqQykdwt70t25YM6yJ0H:wvYjkY3s8/qgdQU2uD
                MD5:18110C88AD287AC16F554ED3A9F35961
                SHA1:5B3A37CDDCBA40A6F8F6247024D0DEBA9A3DE9CF
                SHA-256:A327EEA1817FAE102E0BC7D64A75E15F55A7126B2591060E0162780CC9FEA247
                SHA-512:F3AE84E870E2CF66A67E667D9EE37078DB69E72B434EFC6182498905E5514FA7DA0A56A67D40506E64F49498BF6E24A70767DB1536D4CADE1804D94F3994FD57
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):432
                Entropy (8bit):7.43179463793649
                Encrypted:false
                SSDEEP:12:Dt3/HT4S6x+aVn0BjB8EvKbVRm5+hh1t70t25YM6yJ0H:Dt3/7QfVnGjB8HbVg4hh3U2uD
                MD5:BB6BF86D97CEB1D357D98BC36343AABA
                SHA1:0F2BEB015DB98CFF93AF392FF313072B0029687F
                SHA-256:6807DFBF35646D092F5380C01222437EE9175FA1D174A9FF9F0313F82A31505A
                SHA-512:38290213D7397D6815A2AFA4D1E028A87AEF233570009C8EBF971211C6A4F9853ED4B420132E281CF27829FA3CB9420C00A37EAC677B10327FA56241A8ECB411
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):465
                Entropy (8bit):7.608726187624845
                Encrypted:false
                SSDEEP:12:oTWGbszGkNzBo36aFKK/o+UKNHCet70t25YM6yJ0H:opsCkNSljo+UeHRU2uD
                MD5:366295DE88AB7D801C5FBB3F02B379C0
                SHA1:603DBB7E7FE6E24BCC5FE2DBFFCD22FDBFE11221
                SHA-256:3651E0BDEB5F1213BF8BE0A4BAB367E553D2D491FD87E05901D1D20A3F776244
                SHA-512:2A34DBCB99724CC57192ADC87C6E7DC6BC7340EDA870FBDB821C318B333940B2956EA86C66BC7D256E41B594D52AD05D32921A4280F1103895599BD3389A1969
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):457
                Entropy (8bit):7.595571745669062
                Encrypted:false
                SSDEEP:12:RTxhewZaJdV43PLVYLMG2c7E8w0/Zt70t25YM6yJ0H:bhtZ/2En4U2uD
                MD5:85DB61F8737B1B866B3EBD45DE9C8737
                SHA1:22384BC6949A398FA7FF438C9E08B05889667F83
                SHA-256:EF470F61630CDB2FB5366ADBE3ABC06F550EB146A4B57A2768135C309965F460
                SHA-512:30A68DD52706C52EB488C121827FBDF9533637F5554C4183C92B73328D0DB4700862624D0EA4EE2A7951D0457BFDE9018752CA8471F3266CAC7E470504D1C873
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):463
                Entropy (8bit):7.544670761438067
                Encrypted:false
                SSDEEP:12:NQtNqQtT+GJHx5ERgYMwyHypebHAu6GRt70t25YM6yJ0H:6tNq2Tzx22hwyHysbHlzU2uD
                MD5:04D72725B31A73C02C2E31074338E89C
                SHA1:CACD6B641CE5BC9FD27322FCE02B8A53753BE4ED
                SHA-256:C5DBB5B21BEAE80E1A7408018C10C376AF8EE1298141C5D1CE46620822414893
                SHA-512:F26523A5A1AD77D1FA1EC838EDE00E5C8BCB1C2AEA2C1BBDA7A96329C8C6000AA1389348A57BD2B75929375E21499C17534DE9AAAA371A9B7A010B5CE65CE1E0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.518172178387466
                Encrypted:false
                SSDEEP:12:DUCzztFWDsabgNQ+9oYN1UkWln9DDRz1t70t25YM6yJ0H:ICaDsSYNvWlnl9U2uD
                MD5:C3319824C5E452BACA1B6B394894EBEF
                SHA1:533347892306CD89DA21C8560B003129F3A37AD6
                SHA-256:7B7A30F6F673730B3411F4E6749C4AE4530A8E2A7C8D4A87074E099A85D12B3E
                SHA-512:ED959820BCA0823D49D5E86C8FFED58013CE73286644C8C6C62FA014B3830FD9E15E8B25EA5E11E2934F9DE8309C14213B56A1205546F68A8D21113577CF196D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):480
                Entropy (8bit):7.579258819634838
                Encrypted:false
                SSDEEP:12:nQYbmHw9jj2BrYyuaWg85OTKt70t25YM6yJ0H:nZ+8fWrzWh5OyU2uD
                MD5:2A0EF668BF258AE83EA85D7F74C2D43A
                SHA1:08CC58C68999E49D620655A7F120BB0A871CEAA9
                SHA-256:FAFA4D9EAA088147033A22CD1310B80BFF2F7B0A58CECFAFF274CAF7FAA93EFA
                SHA-512:B5709D6DC81294D353BCEA0E4E99C2B07A66700C8282E716C23C4EE5E8C098B54A05DF98C258268094E154EDF4A4E504CEDC1641C13450C2580DA06235D7EB28
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):461
                Entropy (8bit):7.533959200842554
                Encrypted:false
                SSDEEP:12:s5ckqG7CLCxgyCU8wWOcNu6cwFIZF+TwsRIOt70t25YM6yJ0H:sGfexgm8ws8mQ+UuI6U2uD
                MD5:843A012F9BB74E5958ED26AA6879D5B1
                SHA1:910DE5F4B7410FE66295275EBA5128AA2766448C
                SHA-256:0C014174C6E2B921B03E5CF06570CF2EAAABC815D495431E7803AF8E03D55AC8
                SHA-512:2F4BD608D489CD71793B7B862327EFAF838C4DFB72377268E7CE88ED1F183B12216CB50CCB7FE5D2EB191D58A1405E72200B053D292F5F5C659B2734BF558929
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):456
                Entropy (8bit):7.533148206365482
                Encrypted:false
                SSDEEP:12:XskhgZG9Qiy6bBVtG0W404vn6Ht70t25YM6yJ0H:Xr/3nuGiU2uD
                MD5:853666070B7E65DDC65DCD5ED0589425
                SHA1:BB808540C58B45CE0B7FCDE6AFE9283BD8C6E72D
                SHA-256:DC572D5BDCA97A853704233B76360C190AE456310D844FEDFB06B166AAB8A0A5
                SHA-512:261F140FB5FD039B778596A266278582D80C0322A5B479D04CC3472D7B56862F44C53AF85B45E7932188A1D3686CF42B0FB3CAAB698949770CC1910D9865A67A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.528964075085662
                Encrypted:false
                SSDEEP:12:euTQfqGUEm8WpRjjVuZ1kEJVg1t70t25YM6yJ0H:ZsfqGUmWXjVtkV0U2uD
                MD5:859F3BDFF5B40199E5DBFB04A2A92F14
                SHA1:E23AB48E2AFA50A5283D19D49CB9D4C44F2C6198
                SHA-256:38AA7F2896E15BCB3A30C50D2820C6D4021E12B2109FC9A8F5B583EBCD9EE351
                SHA-512:E1041D10BE99744AAC60C0EF290FEC896B3BFAEB05C800129BB3882F16485849506687B1F81EE6387BE71935F2E3A46B718D16F0DB07EC7A112D46AA99334EB3
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1155
                Entropy (8bit):7.835401638086397
                Encrypted:false
                SSDEEP:24:sVn8fxp2vxOMY5DnvakI73+i/e49nuaI+Y058t+Mk6XU2uD:ssX6MHDvNZyf9bFS0v6EL
                MD5:A9A163523FDED76853019AFAD25D1C37
                SHA1:BBBE8DACEC2AF0735E98733C8E9138B1828790B7
                SHA-256:AD2A308498D63A76AA3979AF38C1E2FF550BB99D5A12EDDF3B32F078F078C3C4
                SHA-512:747585D4F8954157EDD1C20BD856BA66C77C65601A38FBD36C7448E5C956BD9B58AAA2B760B02500FF57AA4ABF2B2C90FA975D134A3329BB6FF201C6794DE825
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):464
                Entropy (8bit):7.540194003124045
                Encrypted:false
                SSDEEP:12:mwiMNRLWa9I0IGyv2tfGbfz+UaYTGbZt70t25YM6yJ0H:C6LWa9I5v2xGb7V6b7U2uD
                MD5:D5CD3C994109A99BC3A581D877D9CA15
                SHA1:313A4E16B43A31C0461583E30F7963BFD46BBB1C
                SHA-256:0F6169DDAA08B9B9A5F09863C28F8058E12065FDB14F170AEC03D22D9FD14E8B
                SHA-512:5A7747D97190B17A289AB4E0A4921F9164DBA54EAB5707505504A941C22584106675FF215713EFC19E108E8D61CE71C55DCB5FB7B741B7C92CA0F8C818B73F2E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):481
                Entropy (8bit):7.61320705366903
                Encrypted:false
                SSDEEP:12:3hrHbDJ9RbajvX7Iebe/8WHD892CEmFEa1Pt70t25YM6yJ0H:3hb9ovX7b6/8ccEraDU2uD
                MD5:E6DD26DB0217AE651DBBFFD240671746
                SHA1:2704FCC00C30BE622C9CE43D125CD8BC0C5EC091
                SHA-256:432B2ADF90D5DFCABFC3D7EFEB9DD0B34C2AEBD0556D20FAD1BBC8F17B8F4196
                SHA-512:1099B9D3C21C66644219CC7F89E940C1FFF7E39D2EFB1BD5C4C6ED21835BE6106DF89FB588C85A2CE434B3B14DAA4AB6B58629DF818C698428FB4255D2626637
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):440
                Entropy (8bit):7.502984083118057
                Encrypted:false
                SSDEEP:12:SJTtswWfvqfJvVB7LuPUC4RA7ilbAqiGt70t25YM6yJ0H:ShtamFVhyPUC428bAqnU2uD
                MD5:2B1B939E462AB6DA583FDAD6AEF53EB6
                SHA1:4215601BE6578C77734C36F7C47E1A19DC38468F
                SHA-256:EC8F9F6518BDB808845CE4CC83E44D7ECE1B3569E6FD7ED31C7B2C2F0E037576
                SHA-512:E6D3F19BC38FA7EE210180DA6D8C883B66F7A73404C3EDDCB760A92737ABDDB3B12A67EAC592F8AA8900042C12CF683924B354DA422A66ED8F2BB0C094D7F9EC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):455
                Entropy (8bit):7.600614315317847
                Encrypted:false
                SSDEEP:12:0BYFU0zZYuk/GSvtAFUuNbRgS3NbvK2t70t25YM6yJ0H:RU0quk9u1NbWUNDKCU2uD
                MD5:24062C806D99784DFBBBBD8F3FA82E8D
                SHA1:1CE552A1211F38FC5D24F558487C18B56B1B83EC
                SHA-256:7F501818DC82642551509B6AB8DB0C46AA086FF7BA87A6ED386D92ABB516BEBE
                SHA-512:F863B9234E4C07F4878870BBC9FBA33C46A0295036B7A98440D2624A12461C89B8BE44F8D7C0FEED264527E91A2ABA9FAC315C7FD5E5CD808884067E20BB216D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):469
                Entropy (8bit):7.56394068936622
                Encrypted:false
                SSDEEP:12:N/zNgEgMexnIYiKGZ4LuBdU65ALlTB9Mlit70t25YM6yJ0H:lE8yLJ0+U2uD
                MD5:9AADAFF34BCF3CE6E6B4140BF9457E0A
                SHA1:8D678F5130FC3C411C8689B06D4DBB975C22EC96
                SHA-256:2A78B4C676A28E3D3CA2341A8EAA81A79CD3C9AC64F9CA2A6C864A542ACC9560
                SHA-512:C873492431D32E00D87639444855DE21E239BBEED14CBD69728F0F4220B285E06E7C559083B2BDEA31EC3228F43E1022781DC3D157DD989179E91C23D7DD71EC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):420
                Entropy (8bit):7.472728489431276
                Encrypted:false
                SSDEEP:12:aIAHnvVhRflUx+zAg8k3Nct70t25YM6yJ0H:tInvVXNUl6d8U2uD
                MD5:359C30BF260A3C29D87C60B4E748D6D5
                SHA1:74133CA030F4B82CAB148C99A6954363EA5AC503
                SHA-256:4368EEB2C32902AD3D2ED2890E3649996056C301DCE940A0B01C527FFE3A817C
                SHA-512:34408129A99225C3B8E6120CF2717F43AF87117994AE272AD61EBC5FB20B86BAD08DC0F3F6AC29065F56C442F83EA59096615B53BD6FCE90A924B23356B409CD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):475
                Entropy (8bit):7.471366278402562
                Encrypted:false
                SSDEEP:12:jA4DS/XScovprgWWvRhsNf3BPEOt70t25YM6yJ0H:jA4ICcovFrWTsN/y6U2uD
                MD5:899F2E9CC3C4E291C2BA5879D887A1F7
                SHA1:55A78423C43026589DBA3F1B47A09BEB565EE86E
                SHA-256:6A0CD0E445B4FD24F048CA1E223776914B29670437F15D7732E3147FEF205361
                SHA-512:E5E5EA2F66AAA5768B13BBBB5A8BCA5902DE6C787AC6BAB4C3947BBB19DB0C99487E0F534824F6579D7F81BEBE3D9B2DFDB29743FE3DE9167B466910F51D9C4F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):460
                Entropy (8bit):7.577602401893222
                Encrypted:false
                SSDEEP:6:ftLHIIxDkVa5LNb5iy5c4uWVsB3YHWmd2Qvb1Xz/Y4sJakyHDttjL45YM6yJ0H:tzUa5J7c4uWqc2Qvb1Mt70t25YM6yJ0H
                MD5:F582240DFE64DE06722DCC5AE5871B85
                SHA1:62EB5B4EDFDE5FA16E1839492D9E6805B4AA99FD
                SHA-256:D1D9B1A721BBED9F4307333FBA6DBBFAFA1B8E9669BBD260EB77754C2FBED83F
                SHA-512:7749C5A6B83E184F8DBF88010F8835F4E41A4917CF358548BEB9B759935E8FC1E7A8B96590952808B8E350DC84DF47DD85C0728E6C265BA89B7723582DCC3294
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):253
                Entropy (8bit):7.166619687416329
                Encrypted:false
                SSDEEP:6:61DzYCVB8V+rHQjj2OJ6Y4sJakyHDttjL45YM6yJ0H:6JzY4KV+rHQWaHt70t25YM6yJ0H
                MD5:370764AE23FDF571FE4B3CE6CED98B49
                SHA1:A967FE657CEB5573EDD0D7C436AFBACD100BD60A
                SHA-256:9EC1F19CF9540AF1D10E918930322ED6AD3719B66571D4EB89C47FFCB4AF4A56
                SHA-512:C88F924EDCB04065E0DFA18AC062621076A3A2F90EBC39C9C538832234D0D0CABA6A27A4135875B0023044CEE80CC6F950921EE7EB5E59D0641C8923BA1B3D62
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):291
                Entropy (8bit):7.286379542152722
                Encrypted:false
                SSDEEP:6:0KPtLVBrgw+sMZ5/OU7gf2ZeJmr14sJakyHDttjL45YM6yJ0H:hPljrghhONeZt70t25YM6yJ0H
                MD5:8BC44C81E909CA5EA3EE2ADF640CDC06
                SHA1:0FB401F1B558F62D2265609CE56AA8016084B505
                SHA-256:F7674BB5FE66BB6481B417BB4F3DEACDD12AF9B3ADC242B1BDAE4251517C7FCB
                SHA-512:B5E9D2307C7E7C5850319781A97AFF127477FB91C0633E93FE5CAAA67EFEA5FE7D1C3FBDF62F9542D5DFD02D1EF4131F34DABCEB4C2CCA942C632C972B68466D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.217298779894711
                Encrypted:false
                SSDEEP:6:arR/LAU8v6FxJ7SUkbia4sJakyHDttjL45YM6yJ0H:2RxFx+iat70t25YM6yJ0H
                MD5:C96C4436B410EA8803816493620C5889
                SHA1:2929DCA14E435154DA84501E67CCB78B658089EB
                SHA-256:D0BB79A79ACC20FEFF665490FEFE1604A03823288400A8EC12503D159540D7D7
                SHA-512:0534DDCBA29027BF6246377F3770860360AB77A395C0074BA874D6D5E0AD3FCAE468971244F5F314AE3D525B519E30696AA219B574C8843B38EE3F202C4F5868
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.240250140927354
                Encrypted:false
                SSDEEP:6:AFbzzxseVqbC4SnFxMOXO4sJakyHDttjL45YM6yJ0H:obH9VAMzMqOt70t25YM6yJ0H
                MD5:FE97C17451DCB57E54F5B2C51DAA037F
                SHA1:CE50B53D6EBBA6B1EA45C0CCB00047992CBAC6B4
                SHA-256:8FF2C94B2B0538572657630D4A39F94341218214A4EE95D7BF08EE9AE63E7EE6
                SHA-512:769DB92FDF703780313ABEB413F19F102F245B0225E0F801039E23392F3269AEAF5CC9E51B267347449F9B208229AED8E4AB435211260148B224965E515B11C9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):557
                Entropy (8bit):7.624714511554311
                Encrypted:false
                SSDEEP:12:0M9xl4YRly520vsAr3X8HgfNZB/yr1od0KeECtAht2t70t25YM6yJ0H:0If4Yu2Z83sHmNZB6r1+PeECKhtCU2uD
                MD5:1AF6FBFBC07653ABC8DA4C6F993BE7A3
                SHA1:565B53B00877D2BE92A70FA9FE0BA06CBAAE9333
                SHA-256:ED2A8F785216C95CB6E410B848EAE850E8B1102D65DA4C4993985E97A1155AB1
                SHA-512:EF94AFB7ECB310574B43158E9F39F752A3E0BD8746A57A4B324D41A0882B44D8327E18BF78930D535894886249E62E651A26B20714714175D8158F959B0DF9E5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):524
                Entropy (8bit):7.551752735027151
                Encrypted:false
                SSDEEP:12:odGAhdDy4BmFbp6RjeIjAXiCDdJJJt70t25YM6yJ0H:+/hdLmFF2jmiCDdjLU2uD
                MD5:D39551C1CCAFADA3F474E1980BF99360
                SHA1:F6AA0964AF5B7DD7A587D0BC95338AB65865B326
                SHA-256:1ADD5608FBF46563100EF1888436A482C5CA2C60D85B69EEEFBA1FA393BB02C0
                SHA-512:75BB78986894055730C491E69C6AB85714C1CA908EF288462273DCC3980B83625430A485616F10DF01366CCC1AD3F5964D52031C2D92EF8B0719A09DCC902591
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37113
                Entropy (8bit):7.995298940170248
                Encrypted:true
                SSDEEP:768:LbsRfK84kKFBUackJ7ZANEJ5GeIEa8J1ml55KhvJKbQAA+mw:fi4kKDUaLTYEaL5eUzoJYQAA+b
                MD5:45B7BA7C1D9B44AF4D95AC0DC992BB4C
                SHA1:26D50D95215FE62C1CC46F61F964324EAC9989DF
                SHA-256:64044BDD848896B6791D3F1B1535F86FB2A60C073C26C2E9AC17BCEFE66D1852
                SHA-512:1AFAA4F86A4B85D9CEDAC18297D2AB22E78AFEEFB5B0D8845E7E44EFA410BB3E83E664C62A702D7DFD2C54265E96D40B83B9966815144D7847533C1A1C7D324D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):347
                Entropy (8bit):7.363906199861997
                Encrypted:false
                SSDEEP:6:qou1/Y4JTnTaXEYcb1Rp+qO2EwBo5R1t4sJakyHDttjL45YM6yJ0H:EbJ/7b7n6R1tt70t25YM6yJ0H
                MD5:8A162C3451E0B47596E3497F7C2491EB
                SHA1:CB2C58F09BDDD8CDFE6C4C6A9734AE4C88DA84B7
                SHA-256:E229AD94BBBA006060986AED2EA81FB2288A43980DDD2815C59AD172702317F9
                SHA-512:05350467A828637F92EA528C3FF4533295A4DEB1FC176D9ABFD538E2BE87C6FFCD82B91CCA6B63D1335CE17EA8CDBD8AF9366071C7BE206DA5A0898361D90CFA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):20712
                Entropy (8bit):7.9903765567247165
                Encrypted:true
                SSDEEP:384:91P9oDT3lqucdnLSsc98WisSfC4WGV8/354ysFCaI93YE1e9Fy1:91YVqu+HTpWGa2ysFCaIhYYwy1
                MD5:542BFA2C7C59EA9E89A2453A46C0F45F
                SHA1:E65CEA81C0CA1F844342EC6F500B3A1E6FEFB1E2
                SHA-256:83C2FEF237E18606720D85A101D2AFF57262B6140248F97579920581987EFC44
                SHA-512:776E9658F1E32798600B7DF2FD9FFBE4C9BA718B8A39EDF25C86F9DF3A0DC31E4813FCB2B78AACAD910B9C84243862B56FD29009741802318A55792697A7D08F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):510
                Entropy (8bit):7.609195191291881
                Encrypted:false
                SSDEEP:12:QwNK5ARO2QtstLix87o0AmliW5YmmZa6l6SQ1t70t25YM6yJ0H:LCgHMb1T6SkU2uD
                MD5:A7EBB2D60D18A8ECBF67D70CDF870C84
                SHA1:91EBEC5D899C3345FFE8F835BDBDF0A40143E2EE
                SHA-256:90FD175933DBC35A17CE8398E76F74AB6E05D215DB0E6FB85011E0FD4381B5CA
                SHA-512:EB40AFCDD41FDAEA0C1FE29E3A34E085D461558189B860A9C296EAC2E7C82CE9AFCDF394728C07024BAAE61CB1A106C4DF4B3A81E9A69472CD565185D41E60B5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):512
                Entropy (8bit):7.635360287451535
                Encrypted:false
                SSDEEP:12:fkXXJXlQFNFH8htfOlkNHKP1cLuXZ2t70t25YM6yJ0H:m5VUNFH2tPNW1cLUZCU2uD
                MD5:05FFA624BC8403307FE0DC54C9F159C2
                SHA1:3A5D7A18BED4C1895364FA6BDFF0036C9E9D0FD8
                SHA-256:FECAA3B1426B4FB68B38BC56C0E505EA2CABECE7181844517BEEFF1185432AB5
                SHA-512:C51B2E94E74AEA5E8DC86E5A519C158AEB87F4B3EC84B4460AA83C4B2B236EDD891F56C8EB130832DDF75F9C70FF0D5CCEBDC6C61A4F59729F681C7FAA628476
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):283
                Entropy (8bit):7.2661864228757
                Encrypted:false
                SSDEEP:6:VBtAB5sEfBAU8oZWvoEyKZ5YAgUt6VPO4sJakyHDttjL45YM6yJ0H:VBtAByqBZWv06wk6V2t70t25YM6yJ0H
                MD5:A491DFCF75B7DE6DE79B122F06AD5808
                SHA1:311B3767B2156F60A18FE474CF12DFB6A1AC3086
                SHA-256:65B7EAD5A53EE928D09F8013CC15A1721B48A8054594C6D9AC6E3C0B724AC295
                SHA-512:0DAB2C3494148F8872227D4F6F83F1DADA03771B69938777B17801103A98D912E3415ABB64A402128B90173AB74B9C0CEE8DA3B61EDAA319866D6DF6E3AE167E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):511
                Entropy (8bit):7.626365424642837
                Encrypted:false
                SSDEEP:12:EWcNU708qb98YW04dUbQed75kwU8qqUyJt70t25YM6yJ0H:3cNU4zbRWXed75kwU8qNyLU2uD
                MD5:3DF7AEE24B421510DE85CD63673AB7B2
                SHA1:7E7CF2FB3D75B935F7B5633E67D9CB42A6E48B21
                SHA-256:F549E54EBBC87DEA2BD5A4BF65F50E7CB60203A693F041E772D79FD638C4D760
                SHA-512:8BFDE7DCEBBDD033021536204BA371AE0CAE17D3C48B719A432477F60793E703001556CD7A57C4C87B9439ACD99774BFCEEF54B3FA956E131EDC42330DF3C5B1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):545
                Entropy (8bit):7.615914516459952
                Encrypted:false
                SSDEEP:12:DiPS4g9f81GAqCMQIYsOmpyJnLjIQYZeWnit70t25YM6yJ0H:+PS4r1GetgppeLsNeNU2uD
                MD5:72F6349386607EE9121B37A0630B92F5
                SHA1:D818769845F91A312876571536D22F1EBD72CC89
                SHA-256:A6F5E058ACDBC0687300EC3C923E9BBA7209C3DAB65DC8BAA013029E8CF8A08F
                SHA-512:7A4269598221C90BDA63ADA4A290D8A4A32BB9FB682AB1424D93475662B6765016C160E27E1CE08D571D53862928DA5437DF1036CF7006FEC3459ADE667FDBB9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.149563749815771
                Encrypted:false
                SSDEEP:6:x7G3zxseDij/F6r+GIdqZ4sJakyHDttjL45YM6yJ0H:x7Gj9I/F6qdqZt70t25YM6yJ0H
                MD5:DF62D055A6F0183EA8834285657D6F46
                SHA1:D7E51005E547A58ABB29AA30508EEE4CA980538C
                SHA-256:C75421F1678F2463C4336EBF47F82B9FCA2D08304D7674531CCE48283B283CA1
                SHA-512:53C6569ABC1BCF46E4DD8E336618641251788182A3E6518DBED51C04972120279914D6E4B659E2A453C582560AA817E6F1BF1A74EC706F992ED72F0F9FA07AE9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):480
                Entropy (8bit):7.552962746035277
                Encrypted:false
                SSDEEP:12:qxqW6sfJQ7Z+uuvT9NBF9m9CJrjFu361cWbpFVZt70t25YM6yJ0H:qxNNQRur97NjFILWbpFRU2uD
                MD5:114A0D281587DFDDB6DA488D7CE54B82
                SHA1:6F627FE1F71F663D68FDFF908BB127662073CF8A
                SHA-256:519F22278DCBE7F1F8F8D7E571E46C7D82BBF3508FBF8FAF438610E32969E067
                SHA-512:2EA665BAC8737DC6D11677A1D4AFA1C32B90E184690FDD25889D2FBD61F7DDCB099385011879E2536A3D4707AC839A33F3B4C5929B2434391BCE72EA520CC1FC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):131313
                Entropy (8bit):7.998731085761507
                Encrypted:true
                SSDEEP:3072:zq73OmNwQ43ojI1MYBAtRD8Nd30Obaz/5DA33/FXsfiY/qmwjoIzBaqJ+:zqqmNt4YSWRMzaNWxs9qmwjo6YqJ+
                MD5:AF3B85481730F6325783D9A3198BCBE5
                SHA1:EB4190CED04F01811A76ACA860E333ABF45CB715
                SHA-256:E789491F0DFE2684B5B92599FC8050E84AE27BABF6B6E27E3D746585E585DA8A
                SHA-512:85AC8FE18066A18317DC691A791B9DDD8FC5DCE014033C2255D44253F7E3A84E8F7A28B1076925B2A69E11ACCFE2681607C405558C146AEBEFC90F06D1AF3278
                Malicious:false
                Preview:..}.C...N.Be................}&...&N*.9...:a?6.gk .?~...!....L.9....+.aX..BE..X5.S.g:..2....Ac...C..>....lo........=]1..K!...'.3..$j.L.-[u..o.I..=.........^.]:N..+..&;.lC.....@.../....:&@.5.R\..t$.{mJ.....?.U.N.v..b.......c..:AD..R}.7K.....^*@*......|.S.....i...S.%.%..........-..M...%.c.cC.........8........WF.7....)...@..&..W.1...)\o........XTY`.++..a5S..2....g.9...m...-......`..&.u|..HL...9|.A$...7.:h6....M....U.Nodj.I fe.%.M@.....V/O,.Q!p8..ax...Q..+.......N....`p.B-......%..qCXZY^cPs..9.{-E..l&Fu+....z.RKq..3.qhGK.5.lL.r*.....q.../...Z.......L....R.DM_'....p.g..%......#....e../..."...b.......k/..w.W....@.}.d!.....a.G(..[.G....s..P.....Wdga..h=...V.%".J..S..Q...V......G...........d"":.......+..OU:}g.}.M.k.R.I......G...~......fP......mbI..~v.$...g2...mt.]E..}.g..4%w..".*~.2..H.^k/'N.".@.....eKac..$.E....G.q...<}..p............n.~..H.b<q ....PJ.f.....f.@...y.Bx.x.u...r.Q_..J....4....G..'.u.0%,Y..B&...C.g.V}9F....7.um$...\6.9../.7a#_I....
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1487
                Entropy (8bit):7.873339219289962
                Encrypted:false
                SSDEEP:24:ew28hTjGq2rnG4u6jQACIHWXj1NAE1vec8h/cOmG3/5dyWi+NqnereylrhRqElie:emhuprnRsACI2XhNAE1Wc/Obje+N6e1r
                MD5:00B82826B0586F10613CDAC0C0385751
                SHA1:B1EC380DF8606BE8A587C72D9189823C4B5B0265
                SHA-256:5F36F3B5EC113DF5DC10BD47CFC96403013CB6DAB651E5642B817BE966CCAB90
                SHA-512:DEEB4342A28D78E45FE8B87F265182663E181810D3120AF34EB766E92202D9DEDC8483A89F65E4927449299D0A14CA4C28B5C659A7BD917AC2CE66EC86E32F35
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):227256
                Entropy (8bit):7.999187716574589
                Encrypted:true
                SSDEEP:6144:eTO9QLsPkpx4FdE6K2ESZSOAhelT8L2eFPhTJ+Ol:eT48sPkr4j51eklQLtFPtwK
                MD5:22969B065228067CF9D728DB55918DBA
                SHA1:BAB809DABC1D630CDDA756C700C8ED86CA01C4B4
                SHA-256:4C37055E9ABDA4475BDDD852F29926FC6EF30A032C9ECAB12B7BD13A483807E7
                SHA-512:9ECDCBB0D516B998818C95DEC2760CC1B51C4E2D884AD8902ED2EDF5BEF738AB928099E873C39F2AE3E7E6029F9231719B61E7FC79028C9CBD41F0D2D1D5D90D
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:MPEG-4 LOAS, 8 or more streams
                Category:dropped
                Size (bytes):556
                Entropy (8bit):7.624709976944539
                Encrypted:false
                SSDEEP:12:m4icpnFvZGyZMfBd5+F51/+XQMLwi1LAKZt70t25YM6yJ0H:m4iYdZGNfBde51GgfiRl7U2uD
                MD5:C320A3E6C0F256CC9F35AEDB736FC91A
                SHA1:6F9C9248B18B30C230F9148C33BC0D352C404DDF
                SHA-256:815FB0F7ABB880726BC773A081A5B738D81280ECC632995F02470ECC3A61E4D5
                SHA-512:D3B6573883C71D6F71DBBB0E7371EFAADD97FF2D78A2656143537C2161F231730899478C2AEBD6500252959320E576D4C1C0DC76C016A3D17BDABBD33644F560
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1507
                Entropy (8bit):7.862697843762464
                Encrypted:false
                SSDEEP:24:KFBoAlUZ7nIEotD4G5VW5a1rPtju0hyesG9SQuBLJ8T7es7y2LI2I15YU2uD:KFBoaUZ7ytsqW4LqScG49WTy7ZB3L
                MD5:0B8AE16D5FD35EED111FD31B43A3F6C5
                SHA1:AAC235E492F97B7BC7FD0E37E3DDC6AC7DD5532F
                SHA-256:98027764BB2E0F1BA0DD60E686B3841B2BEA05EF98ECE2A7CAEB4FADED11FDDF
                SHA-512:F527AFF917ED2D03F276CE14D05A6EB2405FB1740D961DD0344DE25860F321389BA02148F96A229D9E43BB4F99F71887E99F839B2351FBC75DA0BAAC468F61E0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):560
                Entropy (8bit):7.626823924456454
                Encrypted:false
                SSDEEP:12:PAGRP9fl8ubemXUIDm1RgChBvbONx04M1t70t25YM6yJ0H:oGRFfO0XGMChBjiPoU2uD
                MD5:B0D296ABB7E678EE1F6104FFB04F6531
                SHA1:2CC270C5087FCB9F19AE9E98F9B2CAEA2448FD15
                SHA-256:6789FBF1B2E98C4825259D5CB305DC564120B6EEE8BE3BBDB9A64068EA6ECECA
                SHA-512:05A000B80CFDB2D97B787FD8978C4F38DFC8076566DB3D8347FA861B329E8AC324D5625248E2A07263CF8AAC39F897F251A5F4C11A666A3370A664133BF5B0A3
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1514
                Entropy (8bit):7.8993716458612875
                Encrypted:false
                SSDEEP:24:ykhRm5GWF1BzyF5qPwgtqZrzp3867tWsQST+oP/7iwYU+pbkCybFEHlReVYR9m1c:ykhRkG2fyF4Igt8Hi037TYU+pb3tlRec
                MD5:8154A10D73C682CD41F6C2248B0F4F12
                SHA1:4544BAED9FB85951A719BE30B7618926FA69E402
                SHA-256:E2E10652A5883087865AF2883FCBE78C5E39C2AF47237CEBCD15451D214F16C1
                SHA-512:EF94CF2748DF684A5C49A5774F159E1C29D448FCDADB9E0BE1E65781B2BF9CB61533CA218FE3D77609E78901054569BAF1AF2C79F29641553DB2B7F139920AB1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):557
                Entropy (8bit):7.621790701954181
                Encrypted:false
                SSDEEP:12:ElTKrRNL9rmuErq4RNY2L7RdWJOSWlS8wNIrsWZt70t25YM6yJ0H:EJ0g7rq4vYu7RdAlRTNOs+U2uD
                MD5:3B2F2CB714E5ECCB8732B738AA288DC9
                SHA1:CE3172BE7341793A2EA734D82C268705CD605687
                SHA-256:70B5060512C72A7874DFAF391EFF6F4ACCD5BB791C87EC9DCB19F0BBFEB7593E
                SHA-512:BC4B6E5FF6E588A390480577DE9473EF849E53A3BF86B13F57186D879608F9F5CEA109B722B12E3C6610D8F31CAA81EEC3DA01A50A0629617D51A43751141E15
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):3059
                Entropy (8bit):7.927868258237828
                Encrypted:false
                SSDEEP:48:pABGlZUWFpofU7ShSJkvwhWyqAzSZbm8nia4edXOe+4nOU7idATGxoikcGTZBuIs:p80FCfU7yvwhWWzSzcedq4nO9dpxoifv
                MD5:28DC518EFB1F76ABC8331EB5B7EC1493
                SHA1:EA044A7C9460A405E4171321B80D3A38E6398F80
                SHA-256:4FE6D9A4383D8F76AD42EE722795CA6F99388CA84A46111396DD399183CFD57D
                SHA-512:FC3C4EC3B0BA41DBD015DBA96FD446AB4CF96E8F0414D67A5394809CB52538DC1F64C24E6888E156E491885437160552FD5E3DB6394E21D0F5FB9122B3955FAE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):12533
                Entropy (8bit):7.98547554199782
                Encrypted:false
                SSDEEP:192:NfJ9tTSa76Q/m9BieIWn0a+vsRMe6su+4N0TBuNg:h1T5Bu9HIWnxMe6sxT6g
                MD5:84B4AE8096EF4DA823E50F59A2A5D910
                SHA1:B4AD9D223C785F2166FD8EDAAE390788D948CBC3
                SHA-256:00B0FC52890C0CAB962BDB8E7849F4C223E27683A9E02E202018298FF1EFF01E
                SHA-512:9A328EC9EC52133D45B5CEB4DD15B6AC6C3EE8A3A44FA5580530CCA1D1B3CD7BC96088A7D27FD6CE06D75EA7FB91D0E019A6E41F89404A285872411948529AAC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):185350
                Entropy (8bit):7.998857262883816
                Encrypted:true
                SSDEEP:3072:ZtrUzJj+VkH4sBrTCtGu0l4+mG5i1Z9zlBnPmnhJ17MDgWiKjOEBazyDZp:7rUEVBsBreLWPzU3zlh03VMMWiKjO7g7
                MD5:A6CCF51241E0860929347BE539A0F6CF
                SHA1:FD541141D87984FECD93FF702E1955CDBDBE53B7
                SHA-256:F39311DF37190B2C89601D624F6880847A41E8D291AA779E9FBA486D84CED607
                SHA-512:8F7485B8981BC22477DEB953FBBB9676C695ACFBB54C1C028B0AA769A743318D22B1B87BB0922A7103EB526582CF19A704FE211C3E980CD36D6BFF3320028903
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):842
                Entropy (8bit):7.717358955604552
                Encrypted:false
                SSDEEP:24:7jzQ1rOOFqe3EJfgqmVZBgGt8HanCwvspku8z4aFU2uD:MhFqe0JZmnBgC82CIB+L
                MD5:0B9C95223EF7D031B75214CBEBD33816
                SHA1:84056E418D36A4819F306CEB3EB9F8CD18075891
                SHA-256:BB615E01B91E136031A2DEB0DC6309B8633A4DCF2A2D6113F352394787DBAF4F
                SHA-512:E659D6CA8B81DD3E6AB335E3D715D50F7BE5305DAF3E8267D9B0AB5B0ABC89BC64E94346E3B1523794BB41D818D80E65CC29EE8DE39CBD03BECC7BC900A4B4AC
                Malicious:false
                Preview:.". !......)..G...B.M...J..*.^3G..e.C..o.7....%....gQ._6..mY../e....y..&.......:..F.`...h`..e."O..~r+....\&w...j..;...*$".WB.}...\!`./.(.....A.1.Eh.G..',..YP...2....~fk /...V.gK.6.y|...|H......$...Ki.].6.... ...9..._)...W..k............m..V.?..+..G..#U)...jy..6...e.P.....*}.A.k...G?aZ|/Z\.9]........+..0..6...r..xY.f$........9.k..>...w...4....I..&..j...r..#..U."k.m..x&...0;.Ug4>....Q.4..[Qs1...QS..(...J...p....#.....s.@P7...V....z...{..:.Y3...FT.#..U...*e....j..v..7+cu.~.o.....M..{{.p....."K3...gj..1..Xq.$.^.vK.{.....u(l.. ...^..9.F....z..W.{....i.P.wx W........Nc.[n...*196..)6...y..Sa.....9....^m...l$_.`3..,.T5+..lK.oQ...7....'.i/...t..EM^./.dl/F...k..f/.Zn.#..f@L.[...RM..oVh.R.`T6.Q.!.SG;...Tn.^...x.N....M.0...P!...&a..U...CK".U.\i.....P...D.......|.d..0..O.N=.V... ...ep.f.a..`0
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:DOS executable (COM, 0x8C-variant)
                Category:dropped
                Size (bytes):3145968
                Entropy (8bit):1.9762128667339125
                Encrypted:false
                SSDEEP:12288:0NOrg+yVtAhi+8O5nuv4af9jeT/a1V2MuoJ/4:aesAhh44aFM/M2JoJ/4
                MD5:41360F093DD3AD658BAF347D463B3353
                SHA1:D6BB25E9624B575126FE6DEA38F6330DF27E17C9
                SHA-256:04DA4A61813410F1D5884570DE471DBF6BCEE4DE6492E0A16A32E2DEB353E688
                SHA-512:0F320CDCEF01698C715E8E33F2BA46522B52BBBA3AA8A7CA5586D5163D95D23B5618B5BBD528AAABCFEEF928DDC418CED663353094A80CADCF7E905CB34C3EF0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):16621
                Entropy (8bit):7.988530721502527
                Encrypted:false
                SSDEEP:384:ZQJBUCqHLUS40jgEu18mTy0L+ousydIBT5xIb:cEUS40jgEJmT8ouHqBTEb
                MD5:685A598D32FBDC72B52A57935942A31D
                SHA1:4B01EC0EED26905215747533312AE92B29D8F367
                SHA-256:B5475228FA05B6B7DC7BF2AAD34C5F80D304729D570131971410A6F418DF540E
                SHA-512:941585EB08F26033BCE3056D1555CDD53D88D6CC24799D90CF0F83C1FEC16FC9E9789925A34C6B7D92AA59C32839D68B66F2F5A16D00AC38D5D60199EF100920
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):3145968
                Entropy (8bit):1.97606394962885
                Encrypted:false
                SSDEEP:12288:5uJXw8XVLDycYrhtuc7jqmbddn1ZRCv0oKoGgsRMHwdI:AF3ycsh1igdHn9oGgsRKWI
                MD5:90FFB038C8D294889FE3A4AAAD55A03C
                SHA1:F327B102EB375CB0386921185D1CCF0B7308A2CE
                SHA-256:B81710A3EC7C0B5770D7821C721E3345CE104DB0A3395F1A52799345876ACE44
                SHA-512:067445DD644A5BDF0C70FDF82385D70D33A0EA1FE3979DF911D3A9C21608F814142872A9AEC5D75E0B2061FF9A9A87F9B0073727746665BCF78F05D4FABADAEC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8424
                Entropy (8bit):7.978254558689796
                Encrypted:false
                SSDEEP:192:2M7vMgl10fbmqars8LRu5CPSbhuI7ENcVxPbd:22vMglufKqxEXRN2xjd
                MD5:192B99DC4F5FD87D119CA9626E8DE728
                SHA1:E6D9ABA140DD42FB8F2717AE9BB4D6D0306E3BB1
                SHA-256:4A61DC7AA3991F43F5C6601B248893C6E58F712C00B2364743A8CFD5AA58C729
                SHA-512:6F7E8C382CA390BAC7010F35C0864D2D75AFC377EA96420C8E440047FC46E0B7124CBEB2B74F70565AAFFE6DA735BD4FCC1CA197363B089FF44AFDB862E16F04
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):5767404
                Entropy (8bit):1.396670245467462
                Encrypted:false
                SSDEEP:12288:OEJ+zsSTUOUNYuWzpj/tPxub8X07Dn8L9SBEv7N7LxRdb0v:OE8gSIt3WdLfuz7LC9NzNZRS
                MD5:17A7C4D25AEC935B74337CD56BBCB8B4
                SHA1:1CDFB67EFF78DFD03421DB6F14EB5A58A6A65019
                SHA-256:2F0808FD86A301563AA954CC927FB854831A4E2868BCCB637CD129485F4A758B
                SHA-512:F568602EEA453E0F6C417E97CFEFB5FFA1C71724AEF63D8087CF96965225167EF630FF940AD0050E2ECE8AA18252E3DC4B1D6BC30BE5F08C656F185A842BCEC3
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):3145960
                Entropy (8bit):2.4504842145991037
                Encrypted:false
                SSDEEP:12288:t16N+BgtpT0pEyYKoAGU779kra6T5aOWeB9Bxl5E2K:tqz0WyJopU7RkZdv72n
                MD5:B74B444FB6E29DDDED84B30FA6B25E29
                SHA1:D91D1EE806D2A753687D0EC66C83D6E42C9834E4
                SHA-256:E002CAE8BA940C89D875377CD1121CF0E5064EDDA31599589E2607F6B561EDF6
                SHA-512:2DA11D17E45F373E8517FA7C1363EBF4850AECFC1C2310ACE9FF21DFAA44DF796C0CB9B328E24D12686924F84E7D5F39EF1D7312E389DA4D65B9CAB432DBB222
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):3145964
                Entropy (8bit):1.9763720120376524
                Encrypted:false
                SSDEEP:12288:mSnend0mXjMCVg6+I1FTHHdV5QcIjKCErGMYrCY1ZhJWCthbd:mSendNTHVg6RHjQKCIY1ZhJTd
                MD5:9EEE9F90F5845048161E948D9C6B3B28
                SHA1:C049242692C8BA65B841B3202E95B3F30C1896B9
                SHA-256:C22BFA1502803FE009023EC4A0D543EC806E659D8B09A3844F0C04BA4245315F
                SHA-512:D80EA7FED882AB19216DBE8F8AF123E17CB79E45105BE81EB8C995F015021E867C64B52BA391A1FDD9B739C1C88AC4D5F9ADC9EB3E102470984E2B098893D26C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):248
                Entropy (8bit):7.1716229231505215
                Encrypted:false
                SSDEEP:6:4Z0BuKCQfmRILK6i14sJakyHDttjL45YM6yJ0H:vu6mRb6Wt70t25YM6yJ0H
                MD5:C048EF727607C143383015286608D293
                SHA1:F2E29F1AC4036182677ED99E45A096A8AA034E13
                SHA-256:262CFDB507547A218887EF480253B91C6E963965B94ABB0A7903F65CD1134B32
                SHA-512:622975FFE535099F3F0CA69E56E764204B6E48ACC4D063FC45A05B59215F2C99D1FE2AECD2FEE945BBF4BA1BC63437A92E43EFA982D8610410CA6B1149871266
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):933
                Entropy (8bit):7.807749825403499
                Encrypted:false
                SSDEEP:24:pwbvInggxCF4VjSLs7k76OC535dcn9u0OEOU2uD:p8InggW4VVZ53EUIL
                MD5:33EF3853166FB5AE41644B97212A31A1
                SHA1:DEA2501A8621EEA368BCCDEEE328CFD2EFA825A3
                SHA-256:5D54F089BA3438D76DCC7B39E10B83CADED70672E262393C355355A350DFF309
                SHA-512:2BCE810598F8162EF390A1081D8156A0133A3559FC4C5C515479FDEA1DE954CD5A95C5C4E469F9408D22D64271E636409CFE8A6A074D80CF39C1C4587B327855
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):5121
                Entropy (8bit):7.96817932187769
                Encrypted:false
                SSDEEP:96:NBiBYe8k7JNzczUXyog2zYsd6QzLalJo4i/h2jwE4Vda8CIeuSpJOu+:N48mJNznp62a7onJewza8peLJOj
                MD5:3E3F577B909F165FA0F3B411040DB09D
                SHA1:55EA665D04F25E38B99527B2C1BC9B43BD73B396
                SHA-256:AD390DB26D0299E8A84E18EEF591096864F2429E3401E4CC06C2995EA339153C
                SHA-512:826A5FDDD79CC430D6D7BCB88F6FECD92406EA5CEE2BAD60E0D3BBAB21433DC6B3AD1A992E93BECF9BC6F8B3ECFBE73A83927D32FEF5C7783DBC08078430C132
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):33022
                Entropy (8bit):7.994412756863025
                Encrypted:true
                SSDEEP:768:hqcUQBYg9G2epRNxFfuVHY2KAEsSTd+R9gvAox69Ea:hqcUQB10JRNHud97EsGKgvAb9Ea
                MD5:2CE2680DC9F37067825FEF217E129A17
                SHA1:4DB79A16845DD1DB45ABC6AFA038699A059C8DD3
                SHA-256:B48D04D22C88DC5FF77E0F81B00EEB5F6661ABB7A009E93BBD9020427FC68ED4
                SHA-512:8278369D205F1C9A313852FC0BE25291866DA841D77066D18B108FFD4654004F55348BBCC56B27F8E7CA5896B413D69B14A1A230FC59D82F77CFC0B6862F10E1
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):255
                Entropy (8bit):7.215262101563188
                Encrypted:false
                SSDEEP:6:zBHQ3Vb8cq01Rj1L+sEwcAxRaV3Y4sJakyHDttjL45YM6yJ0H:zBwN/Nn1nEwcwXt70t25YM6yJ0H
                MD5:B8ACC06A0A30286A42BC95DF155B2455
                SHA1:435627BB9E8AB4AAD662A6414773372B1976236B
                SHA-256:3D18CA120BC258B014A5707E3DB9EC3DD5E306D6067397138ED853DB192BE197
                SHA-512:A627D83D8AE5E15BBB7BABCF36598A494321DD5DB5EBA28C7B8EAF4777082EE89E62E7F3B562A7A6C06226B54A7A17402D647CCA57241B322BEFF3FF9839E5F0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1048824
                Entropy (8bit):4.982845153494724
                Encrypted:false
                SSDEEP:12288:sRm9O0yy1IOIX6GkscQEBr3EQSQRL2d4L4+bZ5sIE7Y+cjLMvRL+WO:qm9O7KscV3Pid4pbTTEc+c/0LBO
                MD5:2D4514D20082302B209E41A689BDB467
                SHA1:F2CE65FAD9CFD43326A0B087C4D6C97076A94CF1
                SHA-256:477655D551B17F90600CE620E81A200BE5D350B801540439E64F2188B0D0168D
                SHA-512:F5640138083B2A3342EE2F7D59B4E0CA724858913A086C99510DDD298BCB67DA31931BE2D84B454270E4759B9ADE5F37A3F7FEC340DBBD826C96C96889B419C6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):306
                Entropy (8bit):7.368852752618343
                Encrypted:false
                SSDEEP:6:g7e4zDUUrwRc05u3pnFzODmlwEK56kO4sJakyHDttjL45YM6yJ0H:g7e4nUvRc0w3JdO8XkOt70t25YM6yJ0H
                MD5:353BB87772187395755D4A82362064D9
                SHA1:0CAC1ADDA36F6A898D821E299E2183E695912F99
                SHA-256:535B029660FFD71B3930D579606E47443D635A4F177631ACC6A2BD1963006B40
                SHA-512:BC299448A425463D3FB457C2235353E7A0F81242FAF5F223B559EAA16F1E6086DD95C63599BDE0D8BE5C4F801169D3D8E948C0DA3332B2A01BD8E0D32E9550A4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1211
                Entropy (8bit):7.864834676743529
                Encrypted:false
                SSDEEP:24:g3QEIP4uYHZnbJYjqqBcBkJvAB6Nj/NdFreo4yM0k3eQe9sJB6wTB1cbDypr7U2K:g3DIP45ZnRq2BEvAB6NrxrLNwuRsJ3Ts
                MD5:3A4FA79820A7092CA698E5939995179E
                SHA1:B6519A747A1FB07ECA1B5FC16B3315F3D5E736A5
                SHA-256:00F710A445EC74134DFBBCAD04BCB7A7BD5357DC89611D45FC7298FE26BA9410
                SHA-512:0BDC8A3A8FEF0A2729CF2651FA7B537F514B9D24B58EC3983674A4E50B421FA83AC55982586B6ACFCA80BEA277E9DAE8ECDE64B308B968CE93B0BF9197AA4B14
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):65536
                Entropy (8bit):0.2911766036019926
                Encrypted:false
                SSDEEP:24:fHK8x9Tm81U/r4cIWI0OCQFq5E4l/4LoyfyYtf3lU2u:C8xBl16JIUOw1dCTfyma
                MD5:34512F4BA972D278A52C06EF03ADBE17
                SHA1:592599850F42304885989DCB5AF8DEE051BA8001
                SHA-256:F1F4AB22DECA5E7190E2739E907ED925FA2F65DB8D33B2BDEB6634265C41AE01
                SHA-512:2D1C7ABC6AE1689425FF3FA5C764734CA7E1162C25F5360AD283F0A7AF021522053C71629A66E9619DF7BE8B497D429D5AE8B23D3A63F9439E2D211A178647A0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4194576
                Entropy (8bit):1.5382371196143867
                Encrypted:false
                SSDEEP:12288:LuqRIcqyyvQ9rdes24SLVOUJWvRNRrk/8+JM:LuqRIcqNvqx24SXJcRNl88D
                MD5:A86C09F6CF8AFD881128533AB1D759B5
                SHA1:E20E9C92133A3EBAAFA7712608D4E497044C5159
                SHA-256:8CF94B4E73B9D02B84D11B1F31CA46C73544104587DE10394B108DA8CA3E3E78
                SHA-512:E040BF06826BD0C92E65E28BE43D6519572769DE1A06FCC278630E6D78B2E1BBFF9BBD8A0346CCA2E8E4768907B03F283C2E8132B70A2063F204420E86216015
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):279
                Entropy (8bit):7.150687709539064
                Encrypted:false
                SSDEEP:6:iXH4nIPhjUsnmj1czZ4sJakyHDttjL45YM6yJ0H:m40jUe1t70t25YM6yJ0H
                MD5:5B9D3504495B419EB9E35283EE76C8D7
                SHA1:E894DB3489303E81AF379F1223D2AD7EF2D5C4A1
                SHA-256:E28D6FAF0FF12CAF8725374D68420B02DC0BEDB94E583B044509CCCEC9A04E10
                SHA-512:559622BA9B0FA8CB2D5B49F93846A362046B6955BB03660B8F19AA55B7923567B0567799A2192A4AA11207A70670FE32994E6775446794B038E7D7B289ADB407
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):262741
                Entropy (8bit):7.999273317652283
                Encrypted:true
                SSDEEP:6144:dYBvR23HgsrvOJDbeg8sJkjLvOyPK9SNCkV9+38aoKNK:dYP23AsrS2gCLJWSkK9JaokK
                MD5:B29AA4C7BAF6E5F01000E27917F605B4
                SHA1:02E8407D45C5DE61C20B1D451EE8EB8CE68BFA92
                SHA-256:42E1B69221E18AF8DCEECC4DDD87AA19FAF3DA63F37B8F73AF3601CF05432F51
                SHA-512:1AF1D8984D78D6E9B79609CA057FEFEDF25F870AF188EDB51C6A850AB20B2261CB457C4A585EE9C23E79658553EE4D0420AF081B3E752FCD5F966F3190023889
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.979285609556638
                Encrypted:false
                SSDEEP:192:LwPNKX9PSnAKw9ibtQFaFQ3aooDdZSQCd:LwPtlaz1oDdMQCd
                MD5:C11EC3D4E41BD7E1B4192D2D1E8AC861
                SHA1:D886EDF2DF3168A67BCD4DC28E30F216EE8C32C1
                SHA-256:87C2B6E7B9E29F4166E054AD318A436FFFA88B9D48D82E30745EAAECBC490690
                SHA-512:C48F56F099B51ED8CBD214689504568676C403D8B610AF16B82D43B5CDA536F97AB03A5B765661801FF5B7C408102ECCFE9E7FB075B7F55D7ADFD76B0B0FAA67
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.9763019222984575
                Encrypted:false
                SSDEEP:192:JQb30MUMTJLXK/GoBk9KKU4q53bCxPfNiuG5jhYW7JYuYCL:OLXP1a/1BWK7bCBfNiuGZhYYJqCL
                MD5:9ABA3D2EB37E56D84D7FED6B3DB271EC
                SHA1:C1F2881F50855273AEB9BA7EAF0380DF505DABD4
                SHA-256:8B7F2ACA04043CFD3807E9B906747022804C412E54FD4515B4C4B1B0B51A0B59
                SHA-512:6E1470E87351A69BAED464F11DA407EB339AC6EF1025A2C91C7EEED135C6A7A00A684543F28D9A478A65DC618738D04AAE65DC0EE493E9F836BF2CA1061F4B4C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.979453806031741
                Encrypted:false
                SSDEEP:192:0xht7ndVZjYPIQ5pBs5Xc8yJzBl5O/i9Hz4NVuLaqSNTE1:i77nZjYPzBs5X09HA69TeVImlE1
                MD5:3C62DD6F7EBD595F61C7E35D62FFAB2D
                SHA1:579857821D1865FFF00679AE6DCF501B81682402
                SHA-256:C57E68F5FE043F507C4DB1ED97893D3B3E9EDD38A2CD18038782865FA09E8A78
                SHA-512:4B46126714F5CD44706BC7EB5145415583A6833722F7749C6133968CECD3C87C8AFDDC722621AE77091C8192619B5DD7C634E16CD2CEE20DA5717C37E65F61AD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):270566
                Entropy (8bit):7.999394791063252
                Encrypted:true
                SSDEEP:6144:Au4YLT4Y6KDr6Qwk+jytvu5XWcmrHvBUAHEP7pYmfRMw+SGCtRFLKT/ecYD:L4YX6KDrYHGZu5XWcmdbEP+mpMZSXtRj
                MD5:C80C9D86C482CA8C4EBC0A5F76CD1C53
                SHA1:66013D83613318E0A07EF803A2682CD6DEE3AFAD
                SHA-256:28436C6AA897FF0AE23DF5D373A3AB775448E58C9F91773417B282EDE9C064B7
                SHA-512:CCE74352A652F9997F3975E231DD015F8496E1FFF68D48DF55F1759B2A755C5233040BC12F55ABA5612D50689185B0A8C9093AA522A6D166818D2021B2EF36A4
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.978403934914017
                Encrypted:false
                SSDEEP:192:18jOHeiBtTR/kazhUCH6wMOLTUWEZW0HTxl9jWNn16PFH:yS+Ct9kWaCH+OLTQdHTTJFH
                MD5:D16AC9FCC8356E68559DB691BF36218B
                SHA1:BF259453A5BEC46C347867B2DF8BDCE7A808A447
                SHA-256:CAED1C3A462D78A4F79DF008F2AAC44484BF70855FFB7A3E989357A9913DAF0E
                SHA-512:FF9B472A49DE9E40909654F3CEDB319AC9AFA28F0B460FAEA54FE2D5B4FF5EA77807E3EB04A2D646145BCA55F226E387E6EC6364DDC9F5943F5B9C7342D847EA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.980635261692544
                Encrypted:false
                SSDEEP:192:/lGCLOZqoglZ+yAjeE+lTQsUQ58AP9lM6bVRXzSE:dGFQksQTaV1ljXzR
                MD5:C125CEADC452D576AACB20532C7DFC34
                SHA1:DAC9E0715EAA4593912CFB7539140E16FB3A9B0F
                SHA-256:7D49FA531C8065396E1A46D755C6E94FA0E48E97474CF644D49285A05DEEDC04
                SHA-512:D48CAA98726EA633D2679D20CD1345BDDB9B1394E3C39F35ED9A984D02BA88BE5E3B8F0AD48459CF5B3432F25221FFF21BA351E43E680C9B3CCE4C300E2EDA96
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.979294906300732
                Encrypted:false
                SSDEEP:192:hjicIQXsulDI6KqoUG/vva8DsdgfmMd9CZ22:hqu1nKLUYna8D8k9C02
                MD5:B5B1F82F09B8C121CCF7C4B9CED2C604
                SHA1:76E760C77BDA6D3E68BC6A2C0A8E53B93E727236
                SHA-256:596879B6C31657E73040F7AECEC27075CEA067660FA600FBE2E8071CEA2919B4
                SHA-512:37041C20699E418BBEAB861462856190F54256263209A741A0CEF28CE3D78BA26988BE372CF0D7462F79F0AF0B0AA9D8F6430B6434542B23271B8EEF6E354FE9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):262741
                Entropy (8bit):7.999271546358361
                Encrypted:true
                SSDEEP:6144:vlQaj2CCkYJUnnqk1xePMrGTJmTfuQSWf7uKO8XA45kXy:vmaNCkBnakAmimf7uKO8Xj
                MD5:02F4E786971619D6F2EF9C1E21D4B8F6
                SHA1:4A8F3639999F4A3F3BAE81729BCB3F48C66DA016
                SHA-256:77FCFFBE61DD69CD7F639CC2B613BC55BBC93538B31E966621999789EEE046F3
                SHA-512:28288752B613E7A43AC08784D75D57D935FBF8AF3FEB69A340B3D7A540C218B8B215CD380B41EFC2C3B212EA954BD156D16141FC851E95BAE4E61251A875C173
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):270566
                Entropy (8bit):7.999228139026974
                Encrypted:true
                SSDEEP:6144:ywkj/AvI4JYkVKRhenIMnI2TbbgxDr3e/KYDbov66fW0ZBRz4:ywYn9kVwenX9gnu/KYDbodfWiRz4
                MD5:FB696183F0A1DC48DF8CC4B98166994A
                SHA1:C058A745B2D0184B00FDC88F11D6286DFA6285B2
                SHA-256:F844625CA9F168397AD9759D2A5AC774BD903512E9CDD5128C12B7ED8DF89137
                SHA-512:59C5C346A71C2BC72DE9662F593134671222AE97BEF15A9AA9E049E4B9F5660C5545839FE5E9014995612D151F84FC42C51C6E2424A25A8D06D8A51147411C9D
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):49403
                Entropy (8bit):7.995697439217917
                Encrypted:true
                SSDEEP:768:mTZe1Sh0DvuxxdMNwSRTs8XXKuWJgcuSiAcfNS5dxAixbBvXV8LKbjsChMPkCS:mTs1ShIux6xsa6uWMq9FXV8LIRYu
                MD5:6BBC71FCF431195307C85FABF301ADA6
                SHA1:780FF7C5E420DF21FE7A75948E260EAEF97FFFD7
                SHA-256:962658C9AF5CA48C27417995D609337C0777D91EC5E24085C0A464455AB3CFE4
                SHA-512:F50413115A618B1AB1B9A65028E7CCACA34C90DDF97C5EAEC72FF635FFE164A453F912B110D3E089CA755376C72522D62234D2479F2C32040EAE721CA0F8F6B3
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):346
                Entropy (8bit):7.361112486391327
                Encrypted:false
                SSDEEP:6:uHn3iHd3EOSL4YFS9+OnpiAW2bMXjLhbQL+Z4sJakyHDttjL45YM6yJ0H:Ggd3EOSLHS9+KiL+i1t70t25YM6yJ0H
                MD5:60E263A3CE999BF0C5D08C959F359DCA
                SHA1:70B42BAC12AFAEF29AB76C1D343C3AAE8AE0122B
                SHA-256:D2E698385D1757D4E0ED7BBCE4BF552154212C1B5D378E126CFAEC2485E49B39
                SHA-512:B90B973844AA32866D455E8992B50B7A52433CB489C7A3D424C92B9FF886FA723CF089AF718A2806DA6675509AFDD3A0B27CE4CCD374E91893DCA44D239C27B5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):601604
                Entropy (8bit):7.966694292123377
                Encrypted:false
                SSDEEP:12288:w6a2TgAfJsdh07QDvCUUryGeGFALeVELweAGDVpRcLujHI:nTLU07Q+rRALe6bhfo
                MD5:C966DCBD6B1DEF6BC72ABB517CAB2EAC
                SHA1:7781D9AA46F0F98758A0474C83320AD65865E15D
                SHA-256:A465DF9CC802CA58B66F3CD19A648D61CA693840380C3290380FC4F01FA9161D
                SHA-512:4BCF5EFD6EA4FD91F3D3790C63AC0324E903AFBBF3062A0DD45F5C082BF395704098A73CF761E61F9FEC404159AF310CD92673530ECE2C8BB46AE1FD249DAC42
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.975186577931846
                Encrypted:false
                SSDEEP:192:WopI15r5UbIZghxG2sjW+2MF/TXu3+H7pvDWq2eXvodG:WWq5YIZghJ+fLXoe9DWq2Gv2G
                MD5:C725758069B484C44C0852C685591963
                SHA1:5F02D66F714990246A871B5B1117C64E9C5E74BA
                SHA-256:3E6256F51AD184CCAF906E57EDF359D6336D2644F21DBEC3B3714E3428DF46F8
                SHA-512:FF016EAFCD72E12113555B6D3CE596962D001587FEC8B8455CECD78B7DBD400E269CEAB55E66DF9C93C0CA4419985F672358095F5B2E1F56000432A7CC68C794
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):270566
                Entropy (8bit):7.9993005454900725
                Encrypted:true
                SSDEEP:6144:U5JDxdpcZ2m0OVZyNcbwfnoXyKYpVhgurB5UqwRmviXd2NwEr:U5JDxK0y4ccfnonYHWqvUqMtS
                MD5:38F94F596E72FADE965937510B49C75D
                SHA1:C967F9BC0452DDC2FC899F92D868B485BF235B50
                SHA-256:D77120FB40082278898A9F0365251EBEEB7ADC69EF2A7A2D0C29C3EBCE0BD920
                SHA-512:22391572C5E4D014F508A2EEB80195DA0F7039038BEADB61FE988D452C9D4B6627EF690B2C0414057D5C0E42E71FD7A6942D914CE3F363F837138019314A3CFF
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.9756021682964215
                Encrypted:false
                SSDEEP:192:GlYTOPGyAyv+0qaK+dlZhoXdlMG52W+t5HlzulCz1HgXdFB:GlYT6Gr0LlrbYr+t5yCz1Hgtn
                MD5:A73322AD61BE3DFCF6F0E3543DD3DDED
                SHA1:286644F51A2D1BA81DE58970C8AFF15339154DC6
                SHA-256:E232C5CE5E48A514549D3B0F3D936CEAD907C1656B422D34FCD06244A8B671F4
                SHA-512:77BDFFC6003ACFDE51BF3070ECF33C34D93DD40A81D23F898567FC0912B2DC51C54BA6B21D4121777157A18BDF5F054BC5F13FC309DD69A79C736B1F10AC8B72
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8422
                Entropy (8bit):7.976980709913126
                Encrypted:false
                SSDEEP:192:NSatxhMqfu842rnL9xrRPkWnj9JMym9KNj2A715:4WmL27L9xrZ3n3J9
                MD5:29E9A89D8366D3E259C48C47E7891BDC
                SHA1:23F15931263EF49056150E4B29F06B76BBAEFE2E
                SHA-256:CBFFB7069DC6163FDC9049A7C2E3637F70DB34EBFE870B9A04389B20330665F1
                SHA-512:4A03342F389078E1601942988ADEF9009AE734A6A5EC492F00158274A90B9C8296C9B60566C28B91546A72ADFB7524CFC8DA4916209CB8A347F631774FDF76E2
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):262741
                Entropy (8bit):7.999349315636983
                Encrypted:true
                SSDEEP:6144:/BVzVSLU5uluctZ6XDXo7wiFhdSOOPTBfdxOSlZqgQKWk:/XoIGf6T4cESzB/OSP7Q2
                MD5:67ECE11FF37944D6ED47089A4C4EF929
                SHA1:C8A5BE3178D36E1094DF1A11D971622FBF29F09E
                SHA-256:EA0D19798ABB7B810DA71A4D8F6D3B3832BDADF33E231ECE4C83807B1885CA08
                SHA-512:7F71A03C20A4BFDA044C42D0682CF0DF664C05A366F0C7E65F8991D3DA1F90CD00F4B70D84E062C2B81E929A6B29A5485DCB688CE57455028337817A580F8A35
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):320
                Entropy (8bit):7.308395909073332
                Encrypted:false
                SSDEEP:6:ZcP2H4TqOUAEKXwf0AqvqQLkECHHo8hR7btWBB4PAM4sJakyHDttjL45YM6yJ0H:sHrELoABHI8hR7btWut70t25YM6yJ0H
                MD5:A9D7FF8DAE7C4A56CED6577960887AAA
                SHA1:A005B64E0CC64B43CCE1479A88DB3E0B01784D91
                SHA-256:BEF097C60BFEB07850238532EA0DB338FA839FF0611E44135C4A99BCC055CA0F
                SHA-512:E39469AF34D451EAA6B348D04FC550F246DF3A128A58BDE871744546D97D2676A666FF6042DE6F064CB0008D4881B345AB15604691179EE231F7C2171F3D7945
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):256
                Entropy (8bit):7.142725476484885
                Encrypted:false
                SSDEEP:6:zchY8L2XwKb14sJakyHDttjL45YM6yJ0H:MY8CXwKht70t25YM6yJ0H
                MD5:43E174AEBD3B89D4C693374DA55DB106
                SHA1:C8548E57B763BA5BE1288F0B2D4915E1F808F4B1
                SHA-256:9FE0497B1FC083FDF392E2604181C0C499BA6FDA2AEAA8A6465E04C528749CB6
                SHA-512:A0C58D0657D8085B1D0BF0FD1990B432A548B943C32679202ADCBC0CEF752FB4266D0C69A000026CF6604AA1DFC9F457F490B175663740D150E5A28332752593
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):38896
                Entropy (8bit):7.9948409449365485
                Encrypted:true
                SSDEEP:768:isxub7bRlFmXq1V0BDVs8nwHYBANjN5BFLA1vBOwRwcGGPoBj93:isgb7niBpCH5YvBOwR/PoBjl
                MD5:9FC39E1D122B7BD76EF3464B8A3A9822
                SHA1:83CF5E5C2232DCCFED2E1106D33A6710E3386A89
                SHA-256:601A21DF4A8F952A21D0EC43C93F25C469B60C2D139B415CA8D7F6964BEE08F7
                SHA-512:AEB1A51EC8F3FFDC6806CEE4FC2EED72027F17E2C05A73F0697225E66F9BC33903686688E2B5EB06DD8AC1470B537428E8A5D341B1E1BAFCA168A7523E7D1662
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):10053
                Entropy (8bit):7.98295400829217
                Encrypted:false
                SSDEEP:192:GXig3nqWxdwIFhVkZ97n7CEUQ74zV7ptjhKmO1FDRRFuoWIWlRf:AagEBn5gZhKh1FVR4oWIW/
                MD5:74718ECB20B6B9463DD441C2C9D9C3E3
                SHA1:EE040EA3435155CCAA543F8FE6DA6D627F99594D
                SHA-256:87381D70C8B7CCB24F4680E434DDA2797C6B812B1795287F1B8CAEBC4027B743
                SHA-512:93A5D20A7DEA96AE30E0CCA2209685C0221E5E1D8320B91776A4097AECDCA12EB968D3801D4ECB78E97470527AC1B3D1A5446F2B50EB3D4C0453478F96539BF1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):46910
                Entropy (8bit):7.996889865117978
                Encrypted:true
                SSDEEP:768:nqdWzJyK6HnS/Fs4R13mdAKO7ryRLMB+KH/FwnnMuQsiy8msM8bsDagCIJvq8c51:OWzwHna13md1CQLDKfoMHs85w+VEvG51
                MD5:95D98117C344237C7DDAD07CE6A20D31
                SHA1:3F6AB4D7A746E2BD12060BC2B86CA9D4732DAA5C
                SHA-256:FCC76F87C9388BA3CD88AD08167ADAEC6532F49CEA8574F2CAAA513F9E705A12
                SHA-512:0201D6F519E69FD5A8551D657FAA5A5C63BBB56BBC097D2956E1836998027CFD92E48C41F0CF8DE39FF04E9E21F141CA5D5159C5EDE17E2D829A663E4BDDA9AE
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):9910
                Entropy (8bit):7.979619097583325
                Encrypted:false
                SSDEEP:192:hx+uOyE35EQLJldhPKbvxKJLGceGH2NuyDXA3jVVQ/IV+O9KUqRq52ADxuDJvu/T:hyVLJldKxKJLGcei2Nu30kE3aDDctL4
                MD5:FB51A74F19302E34B501B57248F024FC
                SHA1:229C75EA391C206D6C4E540E81E2828EE6B89691
                SHA-256:C8610B46D228F1F6E2200C47A9775C96140D531D2B092A59B5A3205D62D05E72
                SHA-512:D3DB3A84105265A19DBC18761740C795DF41E243302A907C9F4313E2458FAB6765DE36583CE132F3A123FE0C4F2C0FD6D4240EF23558104DA402B74CC3F953AA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):10046
                Entropy (8bit):7.982480124364539
                Encrypted:false
                SSDEEP:192:eCVsUYghv1NMssgHCCfKU8eEzotJX1r6r1zq0n2IkrEFwUmh3cNKlnV2:eBkpMWHKUOAJIr1zj2IkVQK/2
                MD5:BCEF0AB47910DA50A1EF02BE97927910
                SHA1:A104332D95AF501684B1BF18A212A095F51DBDEB
                SHA-256:D72F178078C3442736FDB95CD0E6CC429EEFF365F60B4BC06F15B5B95CD6510D
                SHA-512:1FFF3FDDFACA1E2040A9B9569007AB5B12E44F500A2ABBF7AFC3D5215F76A24832D05AAE640BB0415694DED43734AE0B0B350C0F9F1D3FA71757F01BA0C77128
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):10586
                Entropy (8bit):7.979652505731409
                Encrypted:false
                SSDEEP:192:nh/r2kVEfg4mvHHwcxZQgFifVz/HXlNbFFbeh8ajeCvZnYMa:n5lBxnwc7QgFSVNLqVSCvZnna
                MD5:4644C0C5AF1E84EDC40D11A312B93089
                SHA1:7A9768AFEABDD1ED1DE692B6828DEF2993AACC48
                SHA-256:692A870110A0F2DDA65E086152A3C705A0088F613C66C7AC81E44F7470FFF4B5
                SHA-512:B2AA90CD35CB848AA78430BC9A06A08C58B4B8CA86010E82E00F73B10FBF9896D9BA2F4011F6099E30499A08CD8CC515FB678F6CBBE228462A45E44F455A9515
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):10166
                Entropy (8bit):7.983184083805262
                Encrypted:false
                SSDEEP:192:atwasAJzfPisFcuBeEca4wm0nwhyIq7Ff8JntIKlxe9fE6C5/SJYMGcHgJ17:u57lfPiwcKeEr4xdwIml8dtIKl0NpYMU
                MD5:8FF8E0E28508D9E12476DF91F16365C8
                SHA1:C4A1EAFE777406BFE986C5DCE3213566EED5BE84
                SHA-256:0EC6B910584A89910B87B4D474E5005DF21557C61BDB36C3E3CB3ACD56E69786
                SHA-512:7EA422AA92458860C2087342301F3D3FDF35A64BBB7C8A333DE8172580D5C182D636920003DBF8DDECAA45E01A4FD6EE4C43A48A76F30536B4D549FA342CDFDC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):9463
                Entropy (8bit):7.98304853560613
                Encrypted:false
                SSDEEP:192:Z3w3f/xGAP94N601swAh2zxsm/ce/BRwT7/m0Ak8cRLLGY:lw35SN52hmRXJJLk/
                MD5:CB5D717AA94E7E4FC361FBD260E92E15
                SHA1:2D7FA66E989450AFF5060334B48F5244477EC39A
                SHA-256:210D242206079A92490F070DDAB55FE0C2F5D5EF99AD4656446540A6980231D1
                SHA-512:DC59510045D2FDA90A28DF417995356E93B68E13D5622BA84944FD964ABA95633544D7E329E645DC5E4C79BB162D5DE773C88B8E6AF06A0ECF20B7E16720976C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):22171
                Entropy (8bit):7.991674248136904
                Encrypted:true
                SSDEEP:384:awPzpHQUvE9FSCumhIDXf7O3mR2NqweKE2dPN5CY/s1ePcAkvMtQ:awbpHQUgSlmKDXaWzTtwNZ/sY0jvMtQ
                MD5:79864115D60B27070D5517F0069204D2
                SHA1:1730248FAEEED2D57759DA11B7DAE1C6566079F0
                SHA-256:05F9B3AFC117CCEE3FFA26452B4732C27D213AC000D7F53FF4F7318B38D88079
                SHA-512:1881AB03C4CB65884ED83B7F98D1D2132136D45BB51CC914CC749C0D740CFDFD145714171AD74B37348FADF916CBA8B56D3505CD654DB71C9F20BB08195CA008
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):10039
                Entropy (8bit):7.983617064584519
                Encrypted:false
                SSDEEP:192:PNDbz960vVjxljJJE6WZtE+VdiYsoFz5XKMADAthiXQD9hw4FgxhdOe6PKjhfS:PNz00BxlcxKGdizo5ADAthiShwBhoT+S
                MD5:C55FD405159BC3DAD5AE9DD17F2B0046
                SHA1:28848AED9538AC5730651BFAD9FCC792A5470999
                SHA-256:4A255D84A9E4F41933F2169B2497A93EA42AD03B1919492018ECD455D613A1F6
                SHA-512:4F76F32AA7087101C4AB778E4CE51D0031E717FD7B738D9BCAF860C491996785E0F18DC4A9B79DAF06FF120E3E35A89CDD9736EB49A31BA99BD7DFDF98512A82
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9792700396044145
                Encrypted:false
                SSDEEP:192:DAYdo3sCNcfHsOKhtp26sAydQynBol5Fo72Iv1OVXUimvZh7p0JMROY/OQd:s2yfpRskynil5FWvoSd7uyROVo
                MD5:F0C35A33998E4EF8FAE805E6A772C0E6
                SHA1:FA0B1EFD34CD6D136B10DF69B539450C100408D6
                SHA-256:07A6DD41E19708BAA898805C2F29DE504D568619627CF7EF49606ACE00A01B24
                SHA-512:A77F0445785ADADDFC99D31C8AE989CC0286D9ABC46E4DAD51A126383FC2017DF44FC4D8471EB2DA98DE6C5F5655B0D14E008ED5C5134FEE7B25388D63B580A3
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):2639
                Entropy (8bit):7.9280486581662855
                Encrypted:false
                SSDEEP:48:AEN0twuI3e0wZatOSsdyI1OjVi+mR8a+N2vR6EGSb/PDgUzxpwL:zNT3zw4rsdX38325fgOy
                MD5:479B62609C4E522620E71064BB40EEFC
                SHA1:1AC661ED9FA81D5C1EAE496D6F77271FD3ED35C6
                SHA-256:B4A98A2177B674AA47981C6D4D14D33420A29C746A41904EA9C9BE0724815709
                SHA-512:81365A5308CDAB1709AD97542A6711EE96440BAC1467CD656EA74853B1CE065AC5C8DC114BEFB7B31DD9EAC14790D21258D985796A190F30A095BC5DF9F45298
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1866
                Entropy (8bit):7.900851711409537
                Encrypted:false
                SSDEEP:48:7UuWZLq1x7Wt8upj24kBAElbRG37Zz9cXC+oqYKhL:QQjWz24kBlRG37Zz9cXCKYA
                MD5:EF86C5A32AF0E54CD2F90E9D7E969CB9
                SHA1:8FEB2A0E8CBA97ED31E86DF7B47534D5A0AF880E
                SHA-256:9E77040998915AC9ABDEE71062478BECC4759E9CFC17BD84C89A7001CB3C57A5
                SHA-512:78F0607C3BA245E35D948FAB0B5828092A4F5C199747AFA3077BE85A85BB72F6380CF0A5EA39491E9A4D91AEBA6B213B98F0AFF5D325D2C00BF6F470348CAD74
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):2647
                Entropy (8bit):7.935889372546881
                Encrypted:false
                SSDEEP:48:13zyWDkgMKjYRyHFkEWUvJmR4FdT0bVYU3Kee15//ZPGMFHvtxDmb7cL:GPKOUWERv1dZU3O///Vd1t8O
                MD5:9285D7775D222ACAEF98D124C6A9B3E1
                SHA1:47B7C255CE66F29040ECB7F4F1DD67B527F439EF
                SHA-256:4F431B46193C2D52688704901314B8B5011B890D5B78B555AF867483D2BA380A
                SHA-512:196448FBEDF3C903D43474A41EB1169022FD419BF2411D0CD28406B9DB1753899A2BB2653B9A657BA888002AC703B9634CDA759FB1A2BEF5DBB63E0F2C374DCE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1816
                Entropy (8bit):7.904217935889312
                Encrypted:false
                SSDEEP:48:gMUS4OJT1b4fRG13CHVsHPQ3iCtPT2E0L+c5+a5XL:L34zRm6VsH4N2/+a1
                MD5:3F525608BBF9F5DCB6D0FAF564344DEF
                SHA1:991ADF40DB256A6D65449F9FF74813BDBE856FE5
                SHA-256:8FB8CD876D103CA4B4782FB49BDEA2AC3EC800A1ABE83A62ED1D0F632819464B
                SHA-512:16F80605B882B9FB531A72752CBCE180883D7A21F0D7D478F4570AD619939571BA25D929A0E8A6C181C26640258BD4F979A724FE3E28DEB718369814CBE8E52B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1799
                Entropy (8bit):7.886098476629378
                Encrypted:false
                SSDEEP:24:PF5Hnc4AMFihojg/tmo1/WvEcW8kynpFOOcspsemZbzrsT+cq6MsoGChnne+xEn6:r84hj0UG/6EcGypI/Zcqsodx0bkL
                MD5:FDD0320079B898389D05653438F0C6FC
                SHA1:FB0A82110CED28047A35891106D30B4CDC9C33A1
                SHA-256:D916E234E164B4BE9696A95E05555C7579DFE7A94496FF61836BC3263DF8AA33
                SHA-512:F4915966816293609B0E54F2A1241CF69ABA3A44E51CBC998A81074D8B5327FC1F92190EBF6587B136B03F61A9B2F3537ED45596B2970F22EC3A116D8F812AF4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1352
                Entropy (8bit):7.837223123426595
                Encrypted:false
                SSDEEP:24:ihSUmhyoR7frJ67YXti9+Ds4LS7FP8kxJL07RDn8LwtU5jxN2PqjxGfHlU2uD:CSlBR7N6o++Ds2EPp2Z8LwsNMPWMHKL
                MD5:1B50517105DA6FB29CD1F89329442782
                SHA1:31B297F0C73D38B89B2C383FEFEE6453D7383A5A
                SHA-256:939E42B36C3577CC4DE874AD420AD4D4DB30D4897F608E259BBF6803BDD97438
                SHA-512:AFB2D39014384B79B572B68289AA6B5E648DA3C13BA53121AD181FD52D568499DA06ECEE4C6C5A827D39495471B8C819D7AE5D7B216F4201177DE75E48A2E338
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1299
                Entropy (8bit):7.878252063192605
                Encrypted:false
                SSDEEP:24:5+4JYWxeQ0S85z+zylMXwPLCdazQptc0/3TV2XBOU/i19j+jNiU2uD:5+43J0J5z+TXkLCfp9TV2xOyi1d+ZBL
                MD5:7BF8AAC56AD5740E47F13619D39D6764
                SHA1:33BB01551292AC13E13D981497FD96684D3EE799
                SHA-256:43DBD361AFF212AE4DE4852E6482133D453CBC60A8EB75399512AC5D482203F4
                SHA-512:4A7631D83B2283CC0A3DF04077DB9C391429CF054F9178FA54311B0356808C0D1B35BA36B034558CA7AE2DAAE99D7BA6DBA5AFBA6586C4E0A85B937B74D80C8D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1695
                Entropy (8bit):7.874822550114988
                Encrypted:false
                SSDEEP:24:t2aZxsPZrbMeU2HxAg5tKHqa21BEy24yAyKFIG2V+tKtqUGVFslK+xEbxfiU2uD:t/sXUg5cHExyKaG2G/HFslnxuBL
                MD5:2ACDC9198F8563B97F90879B1A36E59B
                SHA1:61378B54070DF687D14C8E96C6EE13BB479EDE4F
                SHA-256:4E802BAB5B8BF5C2981AC44AFC4DA722EA42A19F96DB89C39C11D7F781872826
                SHA-512:7C929B7BE6163B59D170D6400513155679ACFE14B02D38D08B8E3148E99D3ACF071FC9C3593CE3D31C197F942824150B6F0560BE216B6ADE7CD64E97A74CE29D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.974675470067079
                Encrypted:false
                SSDEEP:192:qYdTKW4WYsAs/hKcvgmYkFYJnAqFuKqfVZksTkT/TkceBWA4YmG:qYtTgmYqY9dQtW1pOW9G
                MD5:FE653B18D8AD49FD258E23E6C2936B30
                SHA1:9F4B6C2FB3F4D4F38902FCE50FF0528089D13B84
                SHA-256:51E9A44526B5A4903A85E8BFCECAD5C0894172ED501E86689F821F79D2C20EA5
                SHA-512:A7F1019BCE58369D9684BDC920B8746E91E75419E3A19FF9ACEB451EFAC53CE11B85FCDCA9A6F0A6B161C33E9B9E9F49208F3392D145DF9C2816A8016F8FDF0A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):16632
                Entropy (8bit):7.991251042796938
                Encrypted:true
                SSDEEP:384:vtzNmdyW7T14ofh5X2NTgAba41K4RL4mitOvS53e1D0ji:Xmd1fuof/X2NkAbaQKO4JtvU1Dt
                MD5:8130FFF78285F581D680DCC666AE00D5
                SHA1:A63338EC2956C5BAB8EBB47C698971F86B127E5A
                SHA-256:1E45C85DA9AEFA65F9ADA14E1E14F09AAB9A89D0E0552A8976D1F5441D819B4B
                SHA-512:36431B948E68C5E731AA15D8C74CC894D21CD0AB05CD5A659942D6BD409905D17853F2981DCD5DF2520D22092B3C43F155A0DBBC8046A59702A4CD510F37E8C9
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1573111
                Entropy (8bit):3.620028102925301
                Encrypted:false
                SSDEEP:12288:nlxy78mpJBpgns+odznL8Zj7QuSH/kRmAryit9+oB/bo:lx08mzgs+KngZ3QuSHsRLNhBE
                MD5:3BFEEFB5258199FF57D867D0A78181FA
                SHA1:4F178EC266A912A46E756A3A9712FD21E2AB29B5
                SHA-256:0777918C6E294B09FD46BC50A8DA5930A3AFE6984303B56A2F29A22D45395D34
                SHA-512:F6B4CFE15AD8A2EB67475138D131125E3449DF759A7D72C77D6FC92A7A92E2BEB1DCAC05A69F8A67D8E3FFEE3BE59EFD4A67DC14439AF04EC8F9859C33880A4D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):107444
                Entropy (8bit):7.998208035202333
                Encrypted:true
                SSDEEP:3072:oO7nOYMLPr+PldRsvrbb6psqc9FiPDyQ2:T7niLPr+1DALU92
                MD5:BCD10168EE981CB78A8F70D904339872
                SHA1:BB02CC67889FF39A8EEF0AC1D3134B6B826B7C49
                SHA-256:4F1F846AF468E4FC2772C96606E8D4A8476B5B16FB18426F9F114F103A1C2E67
                SHA-512:8A9087F8219338978CB2BCF01A0AAFA87045AA94776EA69C62A4F9B2C2FE51C958DEAE8A14C10422C99A7F6800BE67C2A12E448C1F51C5BC8426BACC2DBE63F6
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.981919512943351
                Encrypted:false
                SSDEEP:192:Bmco5BWwzqNEqhHQ3S7xwxeBZR5ESv0LLOdik6JZv1:B8BRqxtQG0eBZHEw0/Odi1
                MD5:6211DD544494367722370A5131937E6C
                SHA1:7DF4743810B4B17515D9E7CCF1BC4F5AEBE22ED2
                SHA-256:F1BCF9958A97E4448929D8C6EA45845321DD7C140AD2B7183E7899E2742C8E8C
                SHA-512:76555E545E3EA4B0FD0A02B783830CBBB7F78E7F3FDB6E4C12839E2E1BF6DAF86C597DA82F2DB33535DBC4530E279CD08C7921679D820DB0AC8FF3C77E87AAA6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8435
                Entropy (8bit):7.973807389039595
                Encrypted:false
                SSDEEP:192:LXmPh+aaaTtXXUml7m+K3pgkpoEtI/Hizv:bmA/4n17W5gkuEt4Mv
                MD5:843161D7BAE833DF71EE2AB1BB7B57D3
                SHA1:DCB27149A157A9B3B0C1991C6841A159167785BB
                SHA-256:FFBC8EEB6AFEC47D7284F5AFA8FC3975E8B5C102D76021E2C185B0D8B81B45C0
                SHA-512:14D1A7B651E56D5CFFB43FB622A2899B7531C7164776C31A0D7B52A7F4348878BA394DE7E96351156BD216AAC80F5C202F26335AD62E25A4771078C5C5E08F1E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8427
                Entropy (8bit):7.97547386473649
                Encrypted:false
                SSDEEP:192:vU9XjpiRTysEBTmd2PZ0qX7gfymaSbqlyjacl1D1y+XkJ:MxI15ATmsSqX7gqmaSbqlIFl1By+XkJ
                MD5:818B095D7DBD5975FC935C75A7933E7D
                SHA1:1ED69B314CD74ADBCF046A060CD3A598FFFB4419
                SHA-256:B2A7337062B1BBFC4A4108EBAF5F66B86B26EDE1299FE657CB877854FDC2F9C9
                SHA-512:9758A845509E427D40490805338A2E7E5C23010C734C1B868EF5673432EADD5AC88644B75A70DB86FC40C3D2AA3953A2A357E2F20650DEFD4636292A18B66C56
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.981631831180518
                Encrypted:false
                SSDEEP:192:5uh892XMU2Y9gliZ0FpzuUxy1chpoRC0kzQRaen9igPvywb6c+zD:5u+SMUTgEopzuUEYpVtMg297awP+/
                MD5:7F0DB7A8F36AD59ABD96BA3B0DA38D8D
                SHA1:D1F92C3EFEE5C579BDF51AA91049818946533E2B
                SHA-256:EB86CC5308DF315912BBDA3F0F92A80C12BF4D0EDA6609EB8257280CED6FF0AE
                SHA-512:59421CBA57C514D459DCC53C9357C04F069ABCD9AB099248FE3A8CC76AFA30CF09A5399D0A9B70378F52410F1D42057BADAFC9BCEDFEAAC29EF59F76CAE30CE6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979050899371005
                Encrypted:false
                SSDEEP:192:XtGvBRig1x5SjEfo9L1HtzdKz83MJKJ9KwNGr1aMJjZ13Svgr:XWBL5S9Bhc41XNGroKHkq
                MD5:CBC5A370BC76769CBF6594CF972CEC05
                SHA1:74608D6FE4E37E06B8A063D343A7237EB310FB61
                SHA-256:EC2E7084C85B2C5B32056C38D8BDBAE4A65A18B10BFA1C308EB1D25C49A3E7F8
                SHA-512:81493B9B2EBDB88552C562375455A5EA65C9DE55169B1CFB073B633BEA9C7FEFA124F2AA02E7BA72C94489FA2DA5AA87EBF08396299558FDC658DA588FD59FE0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980126259142573
                Encrypted:false
                SSDEEP:192:NLedlcGvYBRIXZPZTPbiG8loltJpWVGdQqakcTswOgZmxuvSe+:NLedltAfIXZPZT+ZOcGdQqmkGmrx
                MD5:5B23D7FF92B9972F53A491AF97B03582
                SHA1:B61E2320A52E3BA036EC493C8578214806C10EF9
                SHA-256:FB914F95688A19654DB3BE0BC44E68BCBBCB55B4DE0A3268E3105F4146C78F35
                SHA-512:D0D0CA1F89748B65B5581377AB8F69DBF0DE9AD199D8CF533600473387D87D57F7114C6A4DD59B1E242E9B2F7BED1C510C958048664E514EB929305E5A50420C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977604958473259
                Encrypted:false
                SSDEEP:192:tdVQz7mdSxjMeaSsRIUSwUVdIEE5jHJvRxYDFHQmAiFizw442QCl/aRz:rVQz77Fa6Fd3E5jpZx+QWKwi/uz
                MD5:4003D61814F920CBF927BFC3D778AC39
                SHA1:B6490C00D796001CEF66D0B95F1301AF1685FC3C
                SHA-256:1BFAA09E6191EA02F2D6903EE6C0C354D7918997FB7A9A7DBD4CEF041A856EC3
                SHA-512:26CC6D5075C5852D730638A74D05C7A52D8FEA636E3D5BAB8923E110D3768D5A458673C1FC540A1BBBD0106FD530E23A7533F654ACB5ABB9D60702B901672990
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977766212918657
                Encrypted:false
                SSDEEP:192:h6MR/fD2y9KZRp3F8c+qQ5vO0s1jH2RP48mENJ4BRJO80Whz0:hP72OWB+Rvy1jHm4zEQB/OKW
                MD5:BED9B676F41BF9B3D8A322AEFCA1F335
                SHA1:393841078DB3D7F2151B344A056CD559C0F51574
                SHA-256:908C0256F937116A332A380D7622FCA901F570C5CE530654F55015803268393A
                SHA-512:5358D28E8982B34ED9476EC558B1F07787CB751AAD1642327746212C002B3E417FC9DB610E15E95633AC01A908E510318EF5E0DD274EAE9C35EF154BD64F4171
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.974984180810353
                Encrypted:false
                SSDEEP:192:OYo5Yi900ilXRPl5luMKObIXtoL11N8vIwVU6HgBCaVuFy:V0Yi95ilhPl5luMKb9oIIOZHgB7
                MD5:0B644C6195102956992AE13351C850D0
                SHA1:7BCE85EFF24961E010532B19AE527C0DA35DFE54
                SHA-256:D187F3018CD5D13D6246D435AD37D609FC139B172AA8883D43524382E3E9B159
                SHA-512:D9C3CBAC1161F201217D19C37CF3418829D774712502877542C9CE59E244840D39E0D7BFDCCD951E0C6419E17DE7B532726559BD55453E68041BBA4936D137F3
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.983085441133697
                Encrypted:false
                SSDEEP:192:c2nForFM0E1QDUsBY3mogH+jKgK6bUkRIkoAiK1EhKUr8n:1nFoRM0E1QDU1gQG6bUkvMBKqe
                MD5:51A3AA59C83628D222950A4D6B6D9D54
                SHA1:BF7F342F71F1FF5E649DA60390D4FFBAC46CD934
                SHA-256:71F67A6AE5BB656779B33CD4D1AB60F4B266D76E5E38B1858E273AA8481C2264
                SHA-512:E6825C421C445E9149DD88AB57FA8E0F72403E0B076345C3DAED69A64C9132A8707CC54E8A27EF9130C13E1847B74DEB8D4A14FE0574DB9B39A7156A321154C3
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9766840439737985
                Encrypted:false
                SSDEEP:192:PCNfA0c/ucXaQgbE5yxkmRHYjWfWecdRIewakWrWhNCSq3arf:Pd/uYajomkm+qfWr7lYCt34f
                MD5:ED79BB3AE572003D75C8950277FCB8E7
                SHA1:20F792960243EFEF0E31ABC49C81DFE79B9E2DAA
                SHA-256:28E6F0E73EAECAF392FBA00178F5D4F0270BD05BDEEFF5661103EF716A467DFD
                SHA-512:9EEBF25854D7B08DD9606BE7E1D5615EF6CC8AE6490B492670280B12D62BE4AB91388B789BCBDFB2BEC4F9701C43C44B89B027DF79C4BA5A8771EDECAC18E950
                Malicious:false
                Preview:kk....y.(?Uu...,M.^.4.=.........A../g.n...'_U0...w.f..9..7..zA.`a=_0.N....?.....8K.+S*.v......*%..4.R...C... .=;..gI.u..!..tU...S..N0.*Q.>.3...4,GJW.....*...,.$..C....jP.x..T....4j.c.C.wo...$...,g.............s..s.lw....t5..D.)....l.......P..k.c.......b%9.1."D........$;..#......Ovo.G...>Zvq..F..d.G.:..Z..xl..,.4....\!5...NAG..iQ-.h...C....@...y..5-..q.h.Z.....D..k$....4}O8+.}Z.[%.a].\P.'.....jx...;\.B.LI....U.G.w3..^....1...8...K;@...D.A...P..-s..R;m6R...pkh..?i..pFx6..I.dw...D.s.,?.....Z^.f.u.^\.P..B.?w../..%..HN...Z..>.RV.!.gO.............e..>..Q..;I...%2.78.[n._..$...S..t..d....[.Q.8...%.v%.=..F..rS_.3p.Q..i.`...[.f.....x..s...]D.. .;+....g..C....,.o...56q.4..6..|7Id.`.O.k.......Vky?!..=nZgq.5.0|...3......T'.....Y..,.....s/~...^.M.......h...7.v..;|Yb.t7Y..K.9;p....~!xp.ff....R.-.b;Y."...j.Nt...,.D?%.%.O..D..7..C...,....x.WG|.l....).cf....n......w..+...W.....W....S;........Zg;W..?.S<..3....._6..}.....3...!P...n....Iu.e..QP.T....xQ.0M.".
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979283954635321
                Encrypted:false
                SSDEEP:192:Laib8NbFFhJCDIB/ejOAjphtjYTJrAyE/OArg:LJEbTnCvrFXjYpA1/N0
                MD5:C547D4C8E1F4B8FFA7D9C2A6D443D3B0
                SHA1:946FA4E72C6B0C58376D4B8B2BF7ABC61A50AE9C
                SHA-256:408876339A19A43C264572115FD534DE8E3F358CFEAFA75D980468DCB1E25992
                SHA-512:E0F821DFFFFB054A863353610EF10590260A36CED4433F3B602C34227A878C800E5B32A15CBDDA07846C75A0EB45B39B562DBC441A2E8AE14A0BE313A76157CA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.977570845980721
                Encrypted:false
                SSDEEP:192:1XUrtpY0RuUm+VCMOLDLjdWFpxddEtT4fhQRfQccKwnMe72:1XUrt6sbcTYxdOtaVccKWO
                MD5:98607CBDECC36EFA05D7386DC9E1B169
                SHA1:A9DE805D6A42AFD85774B56888B9CD0324AB635F
                SHA-256:2B4A1FC0C8C887D2C945D9DD25BE1A7094054A45BCC787EABC7422468B63821C
                SHA-512:F9610CC205B20257EB7EB05FF49FCFE4B39A0BC7EC64837C7E07FFE592CC7AE2A205B2BBA282AD4436DD875EE8C9B7A705252E31A77488B42247EF0823E3651D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978648595020199
                Encrypted:false
                SSDEEP:192:cGGY7lEx16qbgyBR/vxRdlmCJKxSkmZnm1pjwXiVCLx/KRk:cGrlRSvvdlmmiSsptCl/Ke
                MD5:3A6742D15821E72BE6B6506CAB96DE1B
                SHA1:7F3AEC13FEE6E32A14AE59A333F5BA9E7AEE335E
                SHA-256:AF5E3404320EAEAD77ACF2A6C8D3366EE6DBA508B98A25D319D49C8DAA8B0075
                SHA-512:552F1AEB4DAF83D46A2B69790D113EB93779DED90FB0BE9AA51B3B4AB49A355C72DECCFE5A77CEA35E1AF01A7BA7527A44264B4DD5316A581C714ABBFE3ACC9D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4345
                Entropy (8bit):7.96403399075917
                Encrypted:false
                SSDEEP:96:E4myejVq7DEzxmOHnSF9lmyrdetGu2N9isNV6nPs/Iuvu:lmye5qH+HSzlBc92N9iw6nPwvu
                MD5:F6B367B3C8AF2F45781ECE470A9F4813
                SHA1:9598209FC354318D40B3BC35FF8BA932C6EF835E
                SHA-256:CCD26CFD9EB3964CAA42E389CBF026154FB4FBB1F89EB37C534D456FEC5533E9
                SHA-512:09386B9B2912B717A425B46AD8972555E32CD181DAAFC138FC9887F01B8C302CF1A8E60B94C64888C8F5B74732426613D31E8BB06199C37467E29AA28F170D39
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1384606
                Entropy (8bit):4.284954531760076
                Encrypted:false
                SSDEEP:12288:vpRhQSCd9XO0Wu6lbvvvxLGBXz1pU+Ibta9T3R8GmJwAT/HxR:vhQ7+Pu69vZLGNzPKbtaHJmJwAbP
                MD5:BE1748DE0160A4950F14809E0920E433
                SHA1:E493B87F759A317285428CF5B1BB8CB0FE33C762
                SHA-256:C42DE7BA237CEFC7EFE6E2618370D7F1AA87A88E44C8CA41E0852D1161631D11
                SHA-512:54C609C477D365331C836D0CE6232E581D3219B0AAAC32FBAB8DB4D67642D973C9D0EB673DE6ECCA8FE48B9FF07B04795F08EDA9F3DFBCA526F9F589E7B2F921
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):65813
                Entropy (8bit):7.997238170207877
                Encrypted:true
                SSDEEP:1536:nj0T9XegPWxQbnSV8k7Fsx9giV8NfLJtaUGJVhbC3BO:ngtfkhsLbV8F9tkZO0
                MD5:4EB6B380950D18414D21CAF9483FAD29
                SHA1:8EE8BEEC0C53DB85B670FDE00CB0BBE4F06B074F
                SHA-256:DBE29392E3F6094164E7549FF62EB305BAEC825B4CB896AB30DA3DC33E1CC82A
                SHA-512:3A1FC46F265A77EA5FB7C51DFFB86CFCF73D2D310A96BFAFA082854D777C3AAFC1698454D5FFE982576BFA02F36FF2823AA92464C1FDC33F9D2B2C4447C1D59C
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):33023
                Entropy (8bit):7.994627232544275
                Encrypted:true
                SSDEEP:768:jYeukPNOhsP5v/WrJWEwcx93XyGjAUEKDJWSk4M:jYHmN5nGyA3Xyk1QSk3
                MD5:B3D35B44C19662D6649321AE38648445
                SHA1:0DBFE848C357176EBEA4473DAB011C060E06CB60
                SHA-256:A8E55B750C01108A10855806152B2443652610E24CD365CC824C2F45EEB03791
                SHA-512:B9AC7A2EF94C9C8259EB986D3FF53A03141D64F1E6A6C04689C2A85E733F91BAAB6A7FAAE205121486DEC39ED41440E0839F3D9D949A71B35AA4075FAE4738F7
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.97604815156814
                Encrypted:false
                SSDEEP:192:dCHnEACDgRmZaIqEN0UdL7lZRBjPOz1nIh83wJnLWayi7:dCkACDgRmZwEN0UdNZRBjGRIm3ynSDq
                MD5:B5B5FF6C29651FDCD0C975EB424C436A
                SHA1:2D6D0FA50877FBD40F157974D3BB6A12F4280B8E
                SHA-256:B34459960A067E1D928DE23972C601E3268FB28079AE4AAC15C146F9BC685B33
                SHA-512:3F83DE0C87AFE36AA2FB15F09315DEF42D8DBC6BDC5317A395BFE885B8E993B9F9F707193920F8BA85459A3034098DDD32C9245A7D58E6A6B84EE04E8909B5AC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979039332319237
                Encrypted:false
                SSDEEP:192:UtRyHNo+YAJW0QOhmusIeN1niA/s1taTBKZygC31B+2GEjteVj4:UtOp/M38peN1np/NTgo315Git
                MD5:7C76B10A00CC49B3427BDDBF48932CAD
                SHA1:B47DA65FBDE3EB944B61879C8D1688B8809DC3C9
                SHA-256:80960FEBD31018D3B7F60EB5F2F684672A2694854C5085EB57C7E456C1907907
                SHA-512:EA56FA07B82EF97FA7C056A34705ED22AC6A7E927DD2FFC2F1CF8C7EEBB61B98DC4E57DB28C286A1CBA98841F0FDE3EBDCF8BA181F0493B653C4058742AABFAB
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):16632
                Entropy (8bit):7.988524618182876
                Encrypted:false
                SSDEEP:384:0XONgp9Rbrm2MSwPgM+XAvGP4GuM95rjxt2ym:0e+7RbHMSwYM+XAU4GXZP2Z
                MD5:4DD3BB03300D3031CE1A151A70D9F9FA
                SHA1:2FB499F8E9AD115F33CF0DF7557029BFA27D4A70
                SHA-256:A712149CD937D45EAFA8E36B3E1763BE1F72C1FC5787B1EC09BDF044CCC68506
                SHA-512:FA55FCB91CA8AAF056500E31200DFC3C0426DCA154C5027931806DF9938E3D22343D1E9E59CDEF8C670BDFA4F54C153031108463AA97614A835D5821BC006071
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1573111
                Entropy (8bit):3.5999473833229074
                Encrypted:false
                SSDEEP:12288:PpBr7zM8yoD7fV4T+ETx1ae2WsbzwLIJN9wgVfc9awC+c//95Gp:PpB7ffN0jxTmMgV09XE//rGp
                MD5:C13B40E31DB12B2AD94450F227DB41DD
                SHA1:0C3B0EDA1FD60D296D4AE3CE18607152CE41E46A
                SHA-256:102DD0D63F5292266DAD29B5DA1ABB274E49FC0463C98981FB28D38B5CBDAE3C
                SHA-512:BE8F553632F390F49ACBF2594AB2EC27FF81F4B7D520653E594BC4D62ECADCFADC81C2213E8080655163813E9C5EF875706353D8B81C91CD756522C79C878229
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8425
                Entropy (8bit):7.974455697300783
                Encrypted:false
                SSDEEP:192:JjKDnavs7zzdP/vOApRO16bczR0yyAx529Vb7OKMLD0RM:Jds7t2ALWmSN+VMh
                MD5:1D46B32388D335D1DC556F6DCD158F63
                SHA1:700B89304683E0DDE042368E8F5501F349655B81
                SHA-256:0060003CFCA3DCD6A9DAF9D588712538FA44724E70DD5A0093A9246EA09F330A
                SHA-512:E7F895489FCF600647603E1D89CDA76BDB9F4ED84217A3B87837B31362A78C4F9F7A7E66A1FC6D0B2FFB9138DD35CFE91FF2C6E57547360EB6363B19E46CCB82
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):16627
                Entropy (8bit):7.989057527198923
                Encrypted:false
                SSDEEP:384:Du1/RA64ZrljSuPK7Q7B9uTyYiTvLoIPnys:DubA64ZrZKw9HvvLN7
                MD5:22564A9624229EF23DF623016EBD9533
                SHA1:E455E430BBA897570556932E6CBE43AED33A5C76
                SHA-256:04EA70E48A7A5229FA7579B2A0795778E750C2D6C8BCAA403CF8F76FA2F4E823
                SHA-512:4B373E156E12A24A6F4C694E99520EE85F4C53EF13764B4C0732CA7FB851C02AE0A6BBA366883945882B6FFF21091A680B11E6CBA436077E3AEA532759AD2C6F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):524529
                Entropy (8bit):7.9997095132199805
                Encrypted:true
                SSDEEP:12288:AnQZdsHcX+pLMeKXemChqJw88RTGx0rFUug5:AQDwnpLUchqJWBOL5
                MD5:B7EFDFE66C11ABB66757574E2D141137
                SHA1:44AC4FA711D12202BBC198037D635904F9C8ED27
                SHA-256:A1E56187683CB0A1C1B23C8D8D3B4515720AD92238D8B10BC2B403BBE227CD51
                SHA-512:DE7E2A287B4D18B1E62E61E3458246BBD8831FF008EE64BE18ABE5C7A17C184ACACDB903D467DA4481E3682835B3C1BF6228569A9F78F40CCD719A9F0951684B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):524529
                Entropy (8bit):7.999672726391565
                Encrypted:true
                SSDEEP:12288:qVUBof2GNm4OCvlO4BwHp5wf6SoHymCt5MXgiZhUeuYlnvqG:qWOfY8vlOuwT66Hym6DOhNjqG
                MD5:86410C0031F9A378E2710E0EAB6BCD21
                SHA1:190CE2AF87C4400CBF91E3EB2504EF923CCE264A
                SHA-256:E0A9761D8F2AFC6B26A84A80981DF6FAA109139E8FF3C580D5E832DACA24BEEA
                SHA-512:0224DB175B08C8928B32D4E9A3EE4B22738309FF01C49CEF45BD3718261E715EBB8A73D64B1AFE77751D789CDF6FA0B1983021E4A2B42A06E8057C4700EAADDB
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):524521
                Entropy (8bit):7.99965467323569
                Encrypted:true
                SSDEEP:12288:0L3E7jQLD2GfAFLdDMh79wYCvt1NhAutdRQD2ESSWgU:0L3UGfYRDy79wXDbRQD2NSWgU
                MD5:4EADA7EE5B69D7040B8D59114F547317
                SHA1:8EBDDA09D2EAF8B19445927BE24A5C9256EDB077
                SHA-256:517188353E1B9610A03AF120BD1BCF752BB8F9BAD7E259C4A326E9871CDE0526
                SHA-512:02A81A284598D559799153A04AC0BB46000C9203129A4F6FA9F699D10D214666DA3F99964F9886F4A47725793B2D03C5FF3024F2C53B05B15DAE3417397BFF40
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):524527
                Entropy (8bit):7.999662199991731
                Encrypted:true
                SSDEEP:12288:Pec34ifiVvaCZsKmGfvnF9aLZpfpGTX/+XH0H92VssAjR:Pe44ifMAQvFQRXH0H92VsbR
                MD5:A42BC9871E56C3DF93A061CF4042ADE6
                SHA1:782B5657E3EB28666543FB8CA2C0C9D38CD80064
                SHA-256:5E475A952E0B3A003BCC3B1652FB0E338C54914BEEAB02E0F39FEAF165CC0C7C
                SHA-512:E25EDBE47F496180C635AF37185DAF27E6D86E7DCB55230681D7E08AC33EE61354FC911666BD70706C3A622D0FBC291EC6CADE58B01B43062D2BBB3207D4717E
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):2097392
                Entropy (8bit):2.8400692384490616
                Encrypted:false
                SSDEEP:12288:P0Uo1W/yLgXwPhFL0/ryyzXw/pDiev1AcSF+VlgIhh1JYRba:MUJhXi0/r/opD5v+D0hfYR2
                MD5:CD63DBA6EA164A3DDA3B727304B9CED0
                SHA1:20C913C5FB9E51B15296D42E70874C51DCE03BFF
                SHA-256:A35F52571A263B3E8687124B9B1EDADB051FDF43ED47C8DCE251FB90AF86C0CB
                SHA-512:AEBE20A258469E08A30D2BFFDC70EECDDE847F6A54687AEEA08E062D7E4CEE98803C07E6CE674D114F94116C11235E02A6E44FC34B2CD629281F5FA63171441C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37312
                Entropy (8bit):7.9952681020778815
                Encrypted:true
                SSDEEP:768:nmRRE+zAVmdTVbNVqNy22bGkoxAZIoZF+wQh/38i1UfPbzKRzU+xw:nmk+5nqw227HZxZFhQTsPbuRg+K
                MD5:A30662E548D09E8D0B97C7D7C0EA899C
                SHA1:F09539627980336D96597CDA84C50E096153CF82
                SHA-256:25A70B40626D514D2665E09E992F7C0F293EFCDF0E584609D6FE6CB245B4BEF6
                SHA-512:593E5E8D9917AE6B4962BE7598D222EC941CBD8B1246C929762B4DD59EA9793D83A78BD0B53D734B594E0163A8820CB495F275FD048717EEF162598E7FBBE400
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37295
                Entropy (8bit):7.994654022602817
                Encrypted:true
                SSDEEP:768:EiEAx8/md2coUCeQeYlCLnoXFyxkFcdkjXWN7O+VnMuYkwmhoQ1:2n+xDYlIiyxk+dWmpF+S
                MD5:1A807B659DC1131E5DC12BC13341F699
                SHA1:1242DBE010996EFA3C486729874A8BFEEF824A0C
                SHA-256:1DD8F95473700420BC1993A23CE45CB62D81E413868D65296EE2E21EFF0EDF3D
                SHA-512:6D0F82BE8E5DEF094A297840C419CB9383EE11B86ED62D2436A8EAE1E2B0B3514AC322C5895D6962A1645CE72628BA1601AD45CFB66A109F03AE7643F31C456A
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37334
                Entropy (8bit):7.995115848143302
                Encrypted:true
                SSDEEP:768:5KhfQEm/qBGF5c0BcfZgzZr78fF8YqD/kncNmFu5NmADl7d2xlH5:YhfQqBSrByZgzZv8fFzMWcNscNmAv25
                MD5:CD2D4687BF52582E4BB3E30BA10114CB
                SHA1:3815787A8EB016E15C113401AC97337A251A9AD5
                SHA-256:CF471AC4A1BF5850DD0221C7629407CF811FD5351347326A044D9FD219480B1D
                SHA-512:FB482922A27D92EA2CDB76C55CFF7D78F504D713C10AAF35FBADB83FC3FF620420D9A410CDBFF5959CF3A68D33EF64B0EB4C649BE2D6407A6404674E35DBEE51
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37325
                Entropy (8bit):7.995892474840134
                Encrypted:true
                SSDEEP:768:BTNo5sXYS223bolzYw/b+e9LTMRkoC1L+3QGla+kqcc+6j:BRo6YS13bi//9N1i3Qea5Q+w
                MD5:85F320D416C41F4420049EDED5914A5A
                SHA1:90F5FC637176191DEE8EE0C7884DF9E3960FD541
                SHA-256:07F68C230481F61B157AFE6866D51E78A0589AC1C23184F64DC5AF0D47EC8605
                SHA-512:748E4DA1A4A8A9833E2F669C83BD3429724A1EA738F15836F4E07447D60E81DB3A41634AE64AC87D4EA4A6D7B1661ADBB2DC19D9E38595EA31AD186B9B76FB2E
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8175
                Entropy (8bit):7.979905347646421
                Encrypted:false
                SSDEEP:192:fKMZWAyuqNCudfZFNAsfY1YK3cCZ28G+QIElYShcj:C6yBPPFNAZ1YKi86lYmcj
                MD5:49E3DF26418160EB1ABB76FFC33B3F11
                SHA1:83B834FBFA244053043893B07E5EFC2B78E28107
                SHA-256:F6F6A9E4E5BA08D8BCA5D8AA37AE7601A73093CAED89655260FB5B54889B569C
                SHA-512:58EE7305CD5381A8B8265743E9240ECA414B94FD3C614A985A28E2256BE3607316EF37EC60DE75132C2F1706B099D99CBBD117C4C24B071E316F2CD35310D1FA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8184
                Entropy (8bit):7.975055477148146
                Encrypted:false
                SSDEEP:192:43AI3sZYyuxy5aQGA8/GWtszBp5fmcCq1cgiRcklHWJdPm:Ets50AsG3FmafiR12Jo
                MD5:50758D29A807FF5945494912010191B3
                SHA1:647A73949B0EB60DAB5548C2810C37307E092FB7
                SHA-256:7F0BA7EBB9C5DA1A192BE00FD68FE0DC0F948C0D391AA7C546F5B94686BC88F7
                SHA-512:C4CBD61910EAE3FC26EE2FE7A95D9EA148D2A8BBC7BBD641AB56DB8D4D7663A1EF4E9430C3CB6A010B705EB6C8EC843BE8263FA7536E2EE3DB8A5FD1CC848A46
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Secret Key
                Category:dropped
                Size (bytes):8169
                Entropy (8bit):7.9773563080736
                Encrypted:false
                SSDEEP:192:4dNrFFVMnM3DRRcIijMvZSxxQiLe5xYXF5aR7D:4dNrFT3l2rGMxLRk7D
                MD5:DA3E3BD31BD0B8D6E474802E75A21B36
                SHA1:7B9CA1CD49F678E343861C90363F61AE87113016
                SHA-256:A8686B14231C3263FE46ACD17F7C72C40BF1A543FF90F29DC1C8318329A19C59
                SHA-512:25BE159AFFBC6590AC9D0E37C9B5871442AC6036DE487A6163FD145A03A82565BDC7DF9D7C92C66F984D00768D578A0670D2F1D0653268A10B7254C8CC910647
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37301
                Entropy (8bit):7.9955354970299135
                Encrypted:true
                SSDEEP:768:S7Dof6jhkCYHXAk7XCumkgjRNz2nMmzpwKchQBvNbT5mPUVOKuhLScUs3v:S7cyjKH35XNmkgSMwpBTwlhLCs/
                MD5:4850D78390CC4AA26DFBEE1890093AD2
                SHA1:9B2043E026F1B7C6B6C8F74A1347468D3B885FD5
                SHA-256:026778094646B66A4AD5B994FBB711BEA85314C6C889493C0844DD7612A5FDBF
                SHA-512:6F2636460E7BB16C134D912660DC66774AC217CE68480CD1275A8316A5126EE6E5CC7819ED990176B73DFFFB9AE74BB96AF4B850422B5B996B22D93BA82D6F1B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):37301
                Entropy (8bit):7.994485798836602
                Encrypted:true
                SSDEEP:768:0PSDWAcOSMgnitEuPgnqhFCieE9ZhB3Lf5vbFip2zGXTu7TmSZM5KZ2ghfzLj:0a0OAnifPgnGVeEVB3Vo2zGXq7/ewweb
                MD5:05A01836B6C256111ECE8792ED5602BE
                SHA1:95CF6D7D54CBE10E115C445AA8E495ACC3F17DEC
                SHA-256:83490EC6DDB9C350F3039571ADD9628DD6202CE0A015F88F1213ECB984092979
                SHA-512:8976B2376DBD28B85DE097E6896FD8FABA9472F462723AA195FA275A23BBC23D8A7D8B9BA372E0BA928AEEAB2665C90CB6F3B51B48FB8DD5A81B13C814DEB892
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37307
                Entropy (8bit):7.995228745366245
                Encrypted:true
                SSDEEP:768:tHVWC5zZRVnU3iQtk9AdiC0G0UiwYpl6eorp3coNScpibU5/NrDLpha/IRGW:t1W0Zr74QAwCQUXeoF3B8QiA5Vr/p4XW
                MD5:597C2E8B6993CB30825327652453330B
                SHA1:030F6E92FC0CA2969F61AA5E9CAC0D79CA5E673E
                SHA-256:3471338103ACC6521508EA369E3C52FC17AFAF3ADD0580F3654C063F826F6FA3
                SHA-512:68C59055049588CF210208D58B124778BA541BA848BE9A7B490E3BC0EFFA177352A1229163544EEEF2512C6C0B69B2F33AFF68F9494969C421EDF04179CDA54D
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37293
                Entropy (8bit):7.994595692638868
                Encrypted:true
                SSDEEP:768:s+8SKL+coLLeUzZIc07Pl73rF21dBqrUslH/SGdB+d1zjG7dpPj/g6:lKLjorz+BQ1c6GWdRQj/B
                MD5:E314E227BCA83F0849E30CEB520035B1
                SHA1:C1E941BF273CAF8678C47FAD975F2CAA0D381D30
                SHA-256:DEB0737B3F9B77EDC8DA005C9B21E55E8A09AAD5892311EFE8BE8483353CC998
                SHA-512:501684442725E63FCE9688B25CB93F3F7D2018296664DE3C0571B1B77CFAB01511122A114A9A896B9697892BDCDDB3C1C16B3E7DB435A029992EEED6745B195B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8180
                Entropy (8bit):7.976310815815765
                Encrypted:false
                SSDEEP:192:ayFjVxLEazUHyDfTFKc5e6dM6+QlWTGozCrktSq4i:TjrLEorf5KcE6W6Otz7Sqz
                MD5:05319EA4B9CA82D1867EAD885B91953C
                SHA1:0F9BEB157FE8DA7D6B183C1FC32ABC43CFE25CC9
                SHA-256:C4ABAF8A743107908532A2476F20F4C917FF60C7754010F19A34B839B107F5DC
                SHA-512:EBC3C9DCBDD170B5033590FEDEFA5ACDC4587B0CE3A9E15A7EEFEE842D21C5A1E16594C20CFB34432E9BAAECD0CBC38A06E306AD9EB4B0B862D6E1120FA89069
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8172
                Entropy (8bit):7.980272496269593
                Encrypted:false
                SSDEEP:192:TwFNei39TdtOjFla4j9lIbjMLBiZWSHvtruB1W:knvWFMjYEZWSlrubW
                MD5:5D6760880260082E908CFA95606DDB45
                SHA1:E209D1A4304652BED273DF11DCEFE4F833087569
                SHA-256:BE0740D9407F18E1D234EA476B9689E707EA160CD3B93C9D180F594EB3F0F2D2
                SHA-512:F2F1EFCF33C7279E559C0C36CCB4B1E153771C0E71395996D5D8515AE6A44D3FE67450729A2F2107920B52151D3F1B23ED6F27CC0AB92D52753B689B41C7B241
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37300
                Entropy (8bit):7.99540020223891
                Encrypted:true
                SSDEEP:768:8FL0dhdB4+AiYkN/+pZh/cTBGgFeYc0tj6xmTDnKz3d68xUPgdrhOw:uL0dpNvgLoBpkoFi8KzfxAYrkw
                MD5:90E6BEA8178D081C2072DD9328223DCD
                SHA1:4A3C58E065038EE6F1DC3834888E762D117B8C74
                SHA-256:D8F52E17E5571B7A41E2463B8DA1A0E3650CBA2F293F0E8663C31BCCB6E2564B
                SHA-512:26A09298FB17C035FC3881C4DCBE4D1D8A4E24AFE57604B0912CE13EAFDEA26B4A9C84C0CF83DF7BCB093BB5AA36AB23040270C8D3332DF02558C8C4B188C9FA
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37300
                Entropy (8bit):7.994833739178511
                Encrypted:true
                SSDEEP:768:TGTvjRbmbhBasvPj4yAiDdwQBeSMDgLxl9ncy3JxoJy:yDjRbAhsswadw24gLxltcUR
                MD5:5A1F0296BADA7CA2CFAFF1CFB8C287DD
                SHA1:6F06A8B57E1710565B05DFF725C7E5AAD8BFCEBD
                SHA-256:6D0A6587EFD7B57007AD1C1DC8EF671EF52FEE9F5C460077DE5E18762835EA8F
                SHA-512:E89F9206AE05A43CB2E249FA244244A9E740FE79712DDF961E8CA39F9DFC9B3FC0480275AC74236FDAE87A0501FFA5E249CE3400F678F787CBFC4FC617CA78D4
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37281
                Entropy (8bit):7.995002624933697
                Encrypted:true
                SSDEEP:768:cRgr9GofXL4uNwl8qiBCgKrRkxX3piMLX8XmwvpMhoY:cRYG0kuNQ8DhmmwsoY
                MD5:10FA5D9181BE3AC5465BC913A5E61761
                SHA1:F68E8762EFE9AA7224F85B7668813D40E6348AAB
                SHA-256:D5639859097FCED90F1B52B2AEE31E2C66E95002EF95EBA77096BE63D5E7035B
                SHA-512:0FDB61EC5DD7A47C03D3F10442CE5A5448F2B7497434483B92B6B01593CEA05D8164806A9175382D4CE175CA61C8AD1B29BA8FDEECE42D16C4395AF7637DBDA8
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37302
                Entropy (8bit):7.99538385566637
                Encrypted:true
                SSDEEP:768:wRMitylaDXE2aBfHTaSfBYARyIuN8xLMjsNmyeDD3nLQRFEgNU1:wKitEaD1aBfzaSeARyIMtjamzDDXsLNW
                MD5:B4A13B2CE512C33C50906B67DD3BE445
                SHA1:9B0A676DAC9FC254DE1738CDA6BF16C7191193D2
                SHA-256:0EE48E222D3CB46F6BEAE566E019F69FF5FC3C56B7A524718405991137294492
                SHA-512:49523682429A222AF2602B4F5E5D1A8AE09BC07F5FCBC2686AAE8A6E44B8B832040E69AEF5523817C64BE5DFCE0C963DD8B33B82FAFA1631645CF771DEFEE0A7
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8170
                Entropy (8bit):7.975260897591937
                Encrypted:false
                SSDEEP:192:g3N0wbRe7CPJ+qb3OO9ECR+19pivm8AeNy/7QlXOQUQrHpOto8dZIxh:Uu+g7Ch+qbT9E1Jivm8AAC0lXObQrHp/
                MD5:04731C6FFC707839A6035A2AA4A4DD24
                SHA1:18D99D196D5F88076020A5871A8E1B12454B01DD
                SHA-256:E1A6978F8AEF3C6D29E15FBBDC1D9A6C93D9DB0E289ACD60EA8715CE34FC37A9
                SHA-512:A8F2E455E785381BCB6FF42C82E9F581FA226542B2051F3643A531CA04288EAD28C99E2DBCCF6B18CE1E3AB43A386728F240F45C04896D25E73ED3975A576D49
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37304
                Entropy (8bit):7.995458862427349
                Encrypted:true
                SSDEEP:768:OxrKfDzl+Z02jHiwmZiPP8O3kvwDnMNkpe5PBu9qsl+HUe:crKfPle02jCKwi7lkUe
                MD5:86C4E1F24A230B2F097DB75FEE67775C
                SHA1:5A7D628C5392E059FFD0132B15F50745128E0109
                SHA-256:EB3DED49AC643CA3BB579729F96A45F26E70B24DCE465D8A5BE776979D29DC39
                SHA-512:98B0E0FFA442ED9881949B1DE4FBBB68A9F9FA46D59E2F98ECF31E632C692765E447C069823337C6D56CE081BB8CDE056976077656D3A92FAA54E23B91371AF4
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37318
                Entropy (8bit):7.9946969413458495
                Encrypted:true
                SSDEEP:768:So+J2XgC6DMsWVddPn88lWggBJlEv1VimAYTpDMMBpnGuj:A2QC6AfS8hOHUnjpDFpnBj
                MD5:2A1590568B472527CC4660EBEFE8F9D8
                SHA1:2A6CA3D3596FC1918E5F860537954204581DEAD4
                SHA-256:2B5A6E2C5E14DC1B4FF4EC0E8927B3D8028280B9DEA9A095E5839450FC527668
                SHA-512:8EB75B750758FC31ABE0380424BEC649A69443CA5A1A44CC611569342379FABAE85BEC82C825FA8A97E901C90F2EDD56BDF222782A1A28C37EF6DFBEF20AFD27
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8180
                Entropy (8bit):7.978049801939837
                Encrypted:false
                SSDEEP:192:Z5aIOyAFZB+TnRHTZCrdA5yU9RiUSqRMLwxj/:Foo5TZCr+5B9RiUTSg/
                MD5:D1F6CD180B2658D938DC99F3AF976CAE
                SHA1:1E6E9E8E61CAA3FDA06588DAC7DF03A71A650514
                SHA-256:0C1A4D1CA44C3375E567CC99FEB36532633E3885A688D23E00D8CBA3BB133555
                SHA-512:4F5E37C6C95CDE4DE14949A699AE4B154DFFBB3F9A71FF92DC04C361DBBEAA1C4BE4919CC75D14CECF44A81E5C27BF8D68F02D46A7E32546F2F56AAF75DDD4B7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37301
                Entropy (8bit):7.994881095424615
                Encrypted:true
                SSDEEP:768:zvO2ezOxJkmMex/cdBIim29mdvsHOmPRh1JF09:7EOxJ5MexUdBIiLUiuAT09
                MD5:6391AF6269CB7EA529BBF778D22AC232
                SHA1:818DD584155FEDAB499FC1331C8EBF3DF8803EDC
                SHA-256:9FD8C9CC8001D1D9FA04FA70BEC04FE749A7151DAF526EE9383BA351376A3246
                SHA-512:1B9350240FDC00E6118F5B4173894C1F445A045F9BB07CD6E1B18CA2C7679156ACCA3D909520E287C7E1CC303C920FE143EA9C9BF6790A5096BB063C9A6478EE
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8172
                Entropy (8bit):7.979828243775105
                Encrypted:false
                SSDEEP:192:N5wXSZV2Iv0MliSOS1uMIpK/3xZuUAcCWkcA38lp:rwTKltOS3I8rxAWxE8lp
                MD5:EB6E4495B83069EE4611B4B239DF4478
                SHA1:638BB0C8E3964AEF375619D2FD32D131350ABD8B
                SHA-256:56D43D4FCCFD2DB795F49A5403C6FFEAB457DC0CC7B5553255D9D1C43B9B4263
                SHA-512:90E8C62682E51CEC1E7A3587035C4D7E27FEF5A56D95205521D66091BDBE15CA10370DEEF1E116AC95FA5E3DFEAE6CD83E25F6C9107EE2365A4C42CE9EF3A1DB
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37309
                Entropy (8bit):7.994973174606852
                Encrypted:true
                SSDEEP:768:r9MzudmoTI5FJH/YZov/FOAb410bdb3pHh0JjEmokB3I1uyL4:rALnJQZontb41Ydb5qKI3UuyL4
                MD5:4DFB40A98C1FEEAE79966250064EC404
                SHA1:EC82879E7727ACC86B98BD0D5E9EB8A1B6AAFC75
                SHA-256:2084649E53E9B63737ADF35468A22BD940BCAD5651E48589F94CE9FB9152D811
                SHA-512:C672106A65A305B07BAA4DD9FD0F02DC57CC19897E831AAF8955953689E227A5CF3A202780F9DCEE60D936B6557D888EB0934AFEDFF5C05D3BA8D9D8A09B25CF
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37324
                Entropy (8bit):7.994712465118653
                Encrypted:true
                SSDEEP:768:AczAtOcRHej7iP6bLvOtyukkCgMw4VcfkGUsll55TjneuNSIw:5nOwcfk5sN9TeISIw
                MD5:8F9C9DEA9E3B2F265C11D168761DF20B
                SHA1:9838275275EC2F0CAFB1F53C8B58D80040A1545F
                SHA-256:4F73D8313E6A480DD727CE7B7BC6CC26A5B1FA8CDB6362B4E891EEB7BE7693FE
                SHA-512:043C33E9913C95CCAE34A5C18F497DD7202D35F1C494446DE646A8B0B6C320FB7E3D2BBFC965B5F15B21A02BD59701460BF91C005DF7F745289AD7C8B6785C96
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37309
                Entropy (8bit):7.995088404917618
                Encrypted:true
                SSDEEP:768:dagG1spi8C5Z0uy7vFgrCahzDOVbWSl9hSpIMkV6C+y56k:d4ypD20uyhg+U/OQESaXV6bygk
                MD5:3A9108DD236ECACB608B46FC79A9FA97
                SHA1:9A9FF8C39F13C485EE4A612224B19AAD45298DDC
                SHA-256:B3C759778698C8D8834B63D63AD98427C1D28F39E28EC31E79452684F2460B06
                SHA-512:B9DE942BA585F63347396B752A15F1D02351D1D12A2CBFC0787F7CB81816C0575E7A2FE3EFC8B55F0B731701FF7C7BBA448BE9087FA7C9D15931EAD0F3F8FC3B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):8175
                Entropy (8bit):7.978817104419667
                Encrypted:false
                SSDEEP:192:qnaIEPVQ9egdbecgvCVj454YB42GdIQd8e1fL:oaIUVQQ+bdNdZYB4Ik8e1fL
                MD5:50EDCC7D84E497138E13F12279BCD1C7
                SHA1:82D01459D61FBD8C3D1BA3B074672D148A32E5B7
                SHA-256:67F9B95C2BD88924C9AB1ECAD7EC90D7E4426FDE86DEC91CA3A43A4F3A176404
                SHA-512:9E499A4433E6D1191BB9E5569F341DFA2B4F0C4749A09ECAB704DE37676D9041C58881B612207076F2288F11E5304CF8B924682B062477E1C1173CE42D663469
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37320
                Entropy (8bit):7.995158456907546
                Encrypted:true
                SSDEEP:768:K+2g6+15PHx4ad6o4ZpYtR4vpFzo0/RQutHBrpDbCFv0tp5f:/2gp15HeZpYtKvpF0mLtVFbIstpF
                MD5:71EA83B882E0A843E08D6586B1F6310C
                SHA1:899FA91EC289B1612FC47939DB404AFBC3776C52
                SHA-256:49E06E1B1457FB7ECCB3B9104DFF6BE6DCA2F151823F538F71E3D3CFDF07B92F
                SHA-512:9999B82CF5B03C2CF17273E33FA196B57821C837CB405850E98B802195EFEC4B41DBAB41E5A925C60B3920212FADB0079215026EF49F67D70486193494BFF369
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37314
                Entropy (8bit):7.995028414549764
                Encrypted:true
                SSDEEP:768:5Gf7M7sHM56oDfAVN1Ixxg3niC07bVd9DYmgfh3edHm3fGO20VDnEV9:c+sH5oDfEN1I7ciV/VfYWG3eO20VDEf
                MD5:B827CA8BED7725253F52E9891E3677A4
                SHA1:842689F6E609236643125B6B95BDC829BE1B3888
                SHA-256:413CE7FED553374772FF69F1D932F418267387878BE75074A7841511012D15CB
                SHA-512:3DEB948414E8F5886F0B7267C45FC07B3B390F98C1CC929F29B57319D57EBFA6E99209208EE1C71BD9F7854E1F0BA8C78F75D94CE288BD3C339D44B7CA2E8D8D
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37294
                Entropy (8bit):7.995454199417419
                Encrypted:true
                SSDEEP:768:jL53E4rY11K87mWUesHiybq9PNzrBZHmOxGDXW3B/t4ICazXUVTRBBn:jViI87mWNsH3ONfBZGHatHwPBn
                MD5:151B0BA4F37A34D4FBB512ED6985B934
                SHA1:0A6858E6C8D8E72B2A1839CBD64621F2FF7A5939
                SHA-256:AFA139F4EB703FA733CF49145EBCB51FA6C6B0D2F8806C18A12577B40F776F23
                SHA-512:DFB4E8CEFCE3ED3515A1701BF86B117D9ED4EA6E24D9F9538F483A866CE26F5F62A67091CE7661D57E26AAE755A55316EE15A2E98D75AF83FC67EB4661466845
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37303
                Entropy (8bit):7.995387376288314
                Encrypted:true
                SSDEEP:768:I3bB4gexabF8IQw/vUcSMcwEgeza3r6+dh76wK1qxxpq/Pil:ILOgeQ8Lw0ilEgeza3ddgx1Axpqnil
                MD5:48E73739619445FDC332687D7DFC8159
                SHA1:EFCCB5FE87A2972B15C72A447FCE3D9EE19B5A9C
                SHA-256:89F502EC94624638C707D1AF098AB499CD0D5F40F478E9BE76C056ABD2D6E588
                SHA-512:434B4B69A3D64E466ECF08AB8E702014E5E6603648CB4A81355BFB45E210FF071654E31C7045DA7DA10A2A7CE4514B5FE7FC6E9A7EC64354C8B4DDE525437F54
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37315
                Entropy (8bit):7.995222266449158
                Encrypted:true
                SSDEEP:768:VK16Sqw98z+2E5FlR4JQ9BUu0IMTb0xk5YlJiVzHPvS9Bgy6QuUZ8tkAh5sU:EIw98z+2E74JQXUumTbvgQVbABgyO4fE
                MD5:685062BEBAC79997A170B4F005B469FE
                SHA1:06847065A525DF2CC8A4E4E7DECACE178446F34D
                SHA-256:89E349A532639EC37D5528378838959A7576F54067A7CA7337357CEEDA58CCDB
                SHA-512:E94D6A35D3CC56737FA8C40F60D2798499A5ED2801E2500706FA2597F593AAE2A5B758ECB8DEE5BD56DF249C96B95923489B9F9C944F8AAD35A69D5131C97529
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:DOS executable (COM)
                Category:dropped
                Size (bytes):37303
                Entropy (8bit):7.995415073769213
                Encrypted:true
                SSDEEP:768:xHXhLm8/9k7ebPH9LbzewszR+OhB5rqGvTWGYU+fc+638F:BXhLmWue79Sdt+8vTPY1Uz38F
                MD5:B60447294A2EEE2B74C953E6BCB7A0BE
                SHA1:A5DAAC56F91D5FF4671A16615D88B9B11DE79EFB
                SHA-256:DA56A065209DF3C9C3B4FE8F3027B39C62D33551A1FD0B89ACC00CE40A6B8C83
                SHA-512:0A9083B1BC4A5275E6FF600270EA357A6389E8CD914A0EA06C5896C54A16DA47FE26CDCC307441027B7C7CC185AB81EBA34644F6D5C1E57AAA1509BA5539A1D7
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37277
                Entropy (8bit):7.995448846373368
                Encrypted:true
                SSDEEP:768:oauiNlvwSbwHfFbAT+gGy24/Vlq+rlRdL/EYxNBYrNlz48P:oulvwOwHtAl2wPDL/EYxncNlM8P
                MD5:C1E19689B1EAE783D03E5C2DD126F793
                SHA1:A70DBFE56A6BDD38741417024CC44C5B09AF214B
                SHA-256:F0A729C9E17274AB8AEFC2A6418714D3263401F82256B0F0073F217C3EE1A3E5
                SHA-512:09D7E09311CE06283CB0AD03F19BB7CF363B1B8DC60B5B4C19B8ABA03D0DACD71CCDC517E834750D2C8E2CBC276F3EF14D62A930C521257B2279B38D38739C21
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37285
                Entropy (8bit):7.99489369977938
                Encrypted:true
                SSDEEP:768:i2I1GRkAn5HwiLlE3WGIjYggWYzyKc3WmGnzfwl/mk:VEukwjhEmGIjYmp1Gzfwl/B
                MD5:2C11C96738804A60032730C48418EDAF
                SHA1:99D888A1CD7976ED119BFF9C48F920717D69E886
                SHA-256:ACE57D64D2D80344D2D78BC685898A71E507077D9521C0738481E0092B4F352D
                SHA-512:E64B003479AF8EC0C986C1FF00F46E9EF5C670D8F932179C54E2D0E4653C0D63A820900323A4DF4161D193A00E882227FBE07D2F566AD24D04C71B4D1F86DF94
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37277
                Entropy (8bit):7.994886845243593
                Encrypted:true
                SSDEEP:768:wBjf6CNLzQsj0NtkL731FP1Gzlh4gjfd6y3+pw63lIO9S:AmCJzwNtkLB+TN03CO9S
                MD5:7FC929C27831E7444CD6364CE1ACF502
                SHA1:A0ED31363BF64B75DBA44E1C258A09294E026BF7
                SHA-256:0AF6CEB7B9CBAF2C92D4B9D37C1E30F71D46F5F3B105944DA719D52C0A76F4CE
                SHA-512:5080940FC4008BED0BE6BBADAD9DA71B644A7A12370145C3974E9085C8032A0ACEE7CC3E312F4BBEE5813972EBFCE60E6785EF9A7954C5019036C28FE874C8DD
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37309
                Entropy (8bit):7.994696576492526
                Encrypted:true
                SSDEEP:768:EvBRJiVZZeSLvmRoMJPI70D9QnPtDe0diTq8xrlGvRdrLrSX/:E5GUMginPty0SevTaX/
                MD5:825CD7566EB803D2D7E330F8D49ED8DB
                SHA1:B9C346C56D7D914B8551F5F2F9B10532D7E0A4C9
                SHA-256:AF5BA23117CD34BAB8711394889F7ABC2AAB72E37FACA0303B96CC6AE7749494
                SHA-512:730A0987920B84215784C3822F62BA62B62A51A9CD08FC29F45F610F88A6AD4FA9095E44C6DD72E11E840B50BC3F6F07E2043F52783536C8E1544E9225E3E825
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37275
                Entropy (8bit):7.995411352625996
                Encrypted:true
                SSDEEP:768:NwzIi4PD6hseoyOvT0jvMFRcKvntl/0wYaEWiQv4kZeXUaQ83:EIi4b6sfngjMFRtj/0wYqvncXUaQ8
                MD5:4EE905487885584582B8475A991039AD
                SHA1:85E0DF2134A0C7076043D0A76B2E00FED62F9391
                SHA-256:88904466044498001A187958C67944E789819D3DECBD8EF22F341B31A5ABE16B
                SHA-512:7B54946CA7E0355E3D3243F5FA3B464F6C31B7067793B143A11E01081AA99CDE444B8702AB7DED4A5A9B841E3FAC18F90131E9D4BEF3DB43E7A8CE037F0FA90A
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8167
                Entropy (8bit):7.974634823186958
                Encrypted:false
                SSDEEP:192:VycFPY2QR3UMhQlla14jhpSPS8oHZi0DIEQM6tov06Ph9:VyOPY53rrg/so53IEGPo
                MD5:4A0000161F127CC5E59D179C832A88F6
                SHA1:8C55FA1F1D718468322C1B67330345E7BCEB09FF
                SHA-256:460BF7A4D342B32617EA95488012E9B5A5C305F4D1FBF7150701DBE438AE997D
                SHA-512:6D021F016B5DDDD3347C5C2566447F487B7AF904897128CD9A0D7D4EB410C2C953B729B661A6511A18EF61E4BB3A5EC7E4DAA8905E2D9F86F806CE358334AAEA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37301
                Entropy (8bit):7.995111701945898
                Encrypted:true
                SSDEEP:768:WXXeNrtV1zVNXLs8YEymJH5M9uvM6wV3i7iIUWvo8:WXXA5V1zngkymJH5M8vxwVSeY
                MD5:9B4A03CA9D1A8ED481D64C9F463AE572
                SHA1:95944F9C0BE11B7EC966F9E60F2D4729291E307C
                SHA-256:2F8B7B5574EEDE444BF012537E813ED3EE888DB400495F2FB727DB0A47FC4926
                SHA-512:74F8F3173AF9766F91BD288595188C1F164E70F25EEBECB261008047A63972CA76C5B856312924C889B98683EF23877AD692D45C4F2D48B5A3E572643EA85354
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37307
                Entropy (8bit):7.9952051124350465
                Encrypted:true
                SSDEEP:768:6312x7QKbi+sGwV4r0XUQSIj/ozK3I6VwBUOZOwq5EQM9rA7:EYsKbtfsXcIjweI7BUODq5EQoc
                MD5:C0C82DC24E87F07799D85024EC1EBBAB
                SHA1:85C72034E6CB5E56C6F7F9F9D1C0DDF864FD82E9
                SHA-256:01521885793CBF5B41D05A51030D7742A7648A36F69E6BD01B563BC5393B8FDD
                SHA-512:BA0DC4B86424D126DE158A2CBBF00B091E1979A16F83338072DC1454E2D4970E9B45BB05C59463F47D2F3FF2BD3814B2AF3EE219DFC52E05D4B9C32F22065409
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37322
                Entropy (8bit):7.994068425099626
                Encrypted:true
                SSDEEP:768:mPXv8m1it0/vc2GC7n0HY5MEjsDBbCT9ARHpbvGFP:0Em1x/E21s9mpSHAFP
                MD5:0FD6F171D52C02FA92B266C0AC6FBB5A
                SHA1:2287FDF3CBF56F790AC1E690A7256DF8E1B02820
                SHA-256:EF578B741CCC8236E087157908BF4D703D6EA9517ADF2B249AB836790CB0A566
                SHA-512:3344F052A535247F29109EF9D76A5C8E513F9C2D3230D91F76D93E9D28EC16450D3A576A6DF64E23B255643ED9660756A50E75658B6D5699F507599E77394094
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37279
                Entropy (8bit):7.995433449942518
                Encrypted:true
                SSDEEP:768:QICBNbe/6JyUax+jkGVLPMFVO2yfR+azW8KOoeUJ3YvY6wJmax:QI7Hxs9cVxyfXzjLoVAjwJ/x
                MD5:D61A0E4477A914484A9CE540A90D2003
                SHA1:F890E6F4B1A855F67E5C164B6C7909646DCFFE5F
                SHA-256:A443B846779925E521AA3EC27FF381E8C3A0F01A2D7B2D74D8908E5620D72876
                SHA-512:AAC59E6194F237B3DF30D36464908B2469A0A58CE895438E380D109AEE2D2AE7DEE8386FB2398199F357D7385EF99D8960083DEBF3071FC426B661E24F9E894B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37286
                Entropy (8bit):7.995521434574253
                Encrypted:true
                SSDEEP:768:NgmuAUFbTF9sWiAZzFib7Wh5rAtXo3L5FkUcJgSr+2OH2l3bPWeZ/Ue:uX3ZZ9sWhZxinu5wXo31EXOHW3LWeFr
                MD5:9DCA9EA57C6253284C4315CACAC815B5
                SHA1:F4D9CB23327AE8698EE106A579FED76B56F176BE
                SHA-256:9CF178CAC34FA5A9B0E8E00B307DAE77BC6539F9935983A45D1DAE5C81271F38
                SHA-512:67C99C808D093B8ADF2C6252FED794D12C001983998FE24A5DCEBFF7AE5A5B84B0E7275FCA6CE434B9B9AB79280316BFA1D64BB95EAA9B41D73335C17F254728
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8192
                Entropy (8bit):7.980682472299733
                Encrypted:false
                SSDEEP:192:ksXrX+C4y8F3x9Rp1O5rzTrtdWycrC7bWkQp0kP7UrL:kOud/FB9E5PTrtIrC7bKp0u4
                MD5:50ACC3C40E0EC55F38B63DEE1B3BF69C
                SHA1:3F86303948380B5F8B361145FBA6981AD7089283
                SHA-256:7C480A4D40998C9EB60D9E241E725200C780D9FD7DC3187BF95C1600A90D4318
                SHA-512:80A682989C6DB4746B8353EE2EC3EF4DF995CB7E6CF6AA2C96905598088A8E38C0FE2AEEA45EA54EA613BB2510A3236FE8185D1C68547490A11026A267768B4B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37342
                Entropy (8bit):7.99510286764184
                Encrypted:true
                SSDEEP:768:WugVfmcRGLYJofpjPo4hVviNbYeTsJyzyreGMe71v61LUy3vA4:aVjRGMoRjAMV6NbFpZs6NhA4
                MD5:E47772EEAE11BF43F01F648ADBE76B2E
                SHA1:869E7A40C90B62A274B4DC24AF28AB4E76B3AADB
                SHA-256:0ADCC03DF823C4D3B189033B204344CF8E6DA6802D6E71128A9CD9BE72968E30
                SHA-512:C5311F0FBBFAF92C039A00F683F73877A68F4388F38C29BD16AD89A002FF40598A876BA29C1DCFFD01D806863185207BA31AD444B95177DBFE37CFD258AF3486
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37325
                Entropy (8bit):7.9951166818524895
                Encrypted:true
                SSDEEP:768:SG2mIw5OoYr9KmU10VhlnTx7dPYRYpfnur+r+ZOl5XxzH7+QYeIL:SG2mfkrwbSVnFJAOVuCrj5XxDqQA
                MD5:520A1FC12D60A8DA2D3A4A21280CB46B
                SHA1:896AE7C2699FC9873F9C7FE6FEB3B612AAD344F3
                SHA-256:14AB927F3A7E55D795B4E691E4673B4ADCFFCF4D4574F80F8C532EB47036F7A4
                SHA-512:18E58B33907E1A0E0E83BD090C301D4DD2AB229F248CB77754D6420A4B6E28CAFE1C08446E70E4F942A436176187948A4274DB2268154C657CE88F0790871B58
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37306
                Entropy (8bit):7.994603391644106
                Encrypted:true
                SSDEEP:768:ytem5+GCfkLaDhueMUfx0uW16NyYLTbmKS+u4iV6MODV:ytemslfkghueMizW4NyYngYiMMOR
                MD5:AE514DF9D9F7C271F7B4EA315FF8999D
                SHA1:FFF73F68F73454D09A1938262DF5F433238D5240
                SHA-256:4BE6D9E7C90518D63A11D548CE4D5EDC5E845B6AB8CF65D0478C062E566E29D6
                SHA-512:1BF57157B17EC77FBBEE2E27E06754068FD6E1512D5D9D833386C37DF6A907F84A8924A13E1CD45E822DAE5ACDD69DD98216469ECC5FC12AB08E34258DBA2829
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:DOS executable (COM, 0x8C-variant)
                Category:dropped
                Size (bytes):37300
                Entropy (8bit):7.994503936043979
                Encrypted:true
                SSDEEP:768:nKZbEapzAYVmZYs+9Y3vxAkidPhD2mKdew9LF4Bz9BWOsKQ9nybW2/nq0:nKZbEczAYVmEiO3Dfw9LF4BXXsdQTT
                MD5:EF46782A416C52A30CC40FCFBC916E83
                SHA1:185DB4EB87FB86FE0BE0B089E93B4C92073E85EB
                SHA-256:9357F5BE368535EA5793659188D1F38D7279EA4AE1F588E413DDE4E8818F49C1
                SHA-512:0C77402BED05FE59855585D9D493479ABDE4B57F0D5E87B1B71E5D307AACFAE038BCE20B54D2E91A7765F87F3C3254B2D1D6A02189051DD51A1E62E2C67DBABD
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37283
                Entropy (8bit):7.994516334057789
                Encrypted:true
                SSDEEP:768:zNFMOwOUyS34NcqOLIJKRwmIssu413Mslm23Z2XqU3/ostrwJ0yE5TEw:zN3UyoqozC13Mo30aE/oOkaow
                MD5:BB8176E75BC6321B62DC5347F503C469
                SHA1:3382C829FC9AFDA74A1B89D30465817BC8FB6BD3
                SHA-256:949570189ADFAFEC1F521EDB0AE9070146A7BEDA54BA4393B7D515BBCF38C7BE
                SHA-512:E0EBCCE1F3176BE35FD7DAF80ADA6084F9DE7B60AF55B037D1B3912C9F5E2B2C5478C67AF5836F9CF5A405EB86CE47B4AED6AB37A7DA762F22DEE3474B75DFA3
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):31407
                Entropy (8bit):7.9933831532247686
                Encrypted:true
                SSDEEP:768:9O29MsrqZM+Nh/tUH+/lXvcu9ix7Xf5odJcm1Tutj:R9MsrwME/2H+t59idov1yN
                MD5:E7CC1100057EFE4FF224FF4730EC1C58
                SHA1:B5A90249ED2602659D5A2C6B4C6D7359E6DF940F
                SHA-256:5EE4773A8B3CC0AF86E4BC76F078014DEA35B1838DCAC56DC001994D69B43614
                SHA-512:6FA3C0CA6240BE30EB0E546B849495E07407B06A0860D8DF2DED87D0163233EEB26A3FCE93E66DE2433CB2159C44862F2A73DD8586B977B5729B173D46C15897
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):8172
                Entropy (8bit):7.980697451347769
                Encrypted:false
                SSDEEP:192:d2hBFQrU23IOyazmMyNCBYsUwKRsZHHDXYljPh:eB3tO7CMOYYdbRGnDolTh
                MD5:89E3F85417113E593F688D8D3C86884B
                SHA1:D18BD13B884B65110FBCE9C43D67DE1CD2E88793
                SHA-256:2090A284BF9DFBBBDBB90158C35446C0E5DC7785059E1EB3BDE04BD2D3DE6F24
                SHA-512:BB725FBC733A5191BFDFD2A20CF419527B4083DF67BD4AE1210452B81746F48B0B92FF9C00B85880605CAF7D5CCA016E45A731CE441AFA885D40F3868E9616B1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8172
                Entropy (8bit):7.979563554518469
                Encrypted:false
                SSDEEP:192:3mh+2nIm41OSHkw8xX5uhgzFZehRwj/07U9uY/OvKEC8oMpG+6:3mhpnnoOSHkw81GgzFZehRKf/+o8916
                MD5:C2269E15CAFE97DBB07288081605CE85
                SHA1:F080DC8870CD9AF99895B216D4E357469F4419A1
                SHA-256:344196DF9628378EFBA871D83E200042211EC9A682CB24619E65A1A54B932A4A
                SHA-512:9E5D555193E606DBB94CF7E5134D86A72085AB2DE23322CC238FF2FBD53A72051299F44144E3220D86915E65C1AC52E44E45E43B0850E9DF17F40E93454EC9DE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8168
                Entropy (8bit):7.976179919851221
                Encrypted:false
                SSDEEP:192:7X4lS9TMVT6PT52XW7WrKLa1DgHuOTY6ccu:s1w92lhZKy
                MD5:93B4CEB1F6B841353EE177170253D6C1
                SHA1:1A8F522302557156524CC0EAC05845368DFA4323
                SHA-256:EE48B1DF8AC5195D05B9A2E6DC619267E115DE48C4CA931991CFB54AEBA3986C
                SHA-512:06C8A676E5FB6E87442CF5238B86AEE01586297BE2472E34B650B2F057E031C9514B180AD79476D68ABB21059C1E1D1B45530834DFEC981E9EF50BB0F0369056
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37281
                Entropy (8bit):7.995606324147407
                Encrypted:true
                SSDEEP:768:AM1RvUTo55zxf7GYiSYqsdn9H2ITnH/yptu9woAWBJIjKKzh+zziJAz:AMHvUs5jaYDYqu9W8f4AwuIjH+z1z
                MD5:6B29D6FA2CBB0ED104AC6568B8C705A1
                SHA1:DAC8ABBE9244A69B40254505BC5DECAD4CFB8052
                SHA-256:DB804A8E1A7371401371D56B43DC346C8CC7DD973E01FFF183B6254C49A9183A
                SHA-512:181A6AC5E51F309451920C87E47ADFFC7A04D2996B93023EB10796CE84B486A1C7B2B282E02572B0AAB80813846ED81F0C37BCF00FFEF0D881EE56F11CEBDBEE
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37300
                Entropy (8bit):7.994522143278103
                Encrypted:true
                SSDEEP:768:PvbSsYXRMpxsoeVUBMCuDjNRtiwfUxZ1TBCMVYTjtB2UJ2ghBycmjd:Gs6IQUBagwi9dYTBYUJFhB3mp
                MD5:7D9387B0BD4B9A6F65205DE4985E3613
                SHA1:0862F164834AEB82964410D82F6DDA2597434F02
                SHA-256:3E8D713398517C614510900A8826AB4DB1EC1161A6736055C0223372973502F2
                SHA-512:E7F700851D4BCA990AF4CE8BA5F5C6ABBA84232A26DBB8AAC569DC2995481C32EDEDDC59BF0F25B7BB2CDF0CA290E84F1DA88BC945116DD0E5D42A1034F5199F
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8196
                Entropy (8bit):7.975678289006999
                Encrypted:false
                SSDEEP:192:XHgi2RCjl/nlLZ2nUwyF5jRkhfPhUZreX7zrVdgF6iOU8dFWjU+j5d0r0cmVe:wDCj1lojyvVkhfGEzVdgciaQ5d0ocX
                MD5:52EA92CA86615F1F4A2DAD205F0DF358
                SHA1:C902141FB3D3D6D7B3C18B3FB188C93198E6B98E
                SHA-256:93BBA42E27540AE4B1C20D77EFD6178E65942F5D240C488243645D8D5016EABE
                SHA-512:3C3C56FE91EB45D0814F94A87D4932098F334E4AB12261CF656C00427EB1A637187EE1F0EA8FEA06A066156CB5E53A5A77E2D802FC538F7741D3D5D583EC9EC4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37294
                Entropy (8bit):7.994683643504332
                Encrypted:true
                SSDEEP:768:1PqjMVOfrUe7Cbu/07oGFuTjcAbafNYeg2nlxULbqrF:1Pu3oe7C5lCjcCafNYF2E3aF
                MD5:84BCEDB4D3589A3F193C195B044EB490
                SHA1:8DB06583DE14806904E56FBB7242E19AE32A4A8B
                SHA-256:B2ED6B58EAAF55D6DF06B567D94372A57598997E285CDCE72604401C33E55C84
                SHA-512:0FCB67BD03B47E04286D1DFFFD37D96620638013DF9BE24CF4385065A9B8AF84E79002B7CF9DCCCE36BDA1CB3BB2D3A7E43DBCB3601802119232078A465AB870
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37293
                Entropy (8bit):7.995190001162069
                Encrypted:true
                SSDEEP:768:omqTqlg4UpXkX6nR1AmMelFXIblhocN18TuKh5C8LZ7C:o6g4UpXkKnR1AmrlJIvl8NC6s
                MD5:503400E1754960DC85AA710860CBCFD0
                SHA1:138A6BEBB5F4486979180ABA3A9714C6C86AEB7D
                SHA-256:25DDE963908C32FA55D094E1D7BA94468A2C5B78068F24EB00247F0D28569C72
                SHA-512:82A04792E727D47329854A0066E59DE0321E539068AAADE09AF3BFC099A5FF68E85FDBC3A7410F0A4F49650D12A7D811850F3A7B82D2ABE86AF21CF4C3F0D163
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8168
                Entropy (8bit):7.977833024010383
                Encrypted:false
                SSDEEP:192:Lc+WjLboRTI88H0iJFPrhboZmOPQM9NaEeGNhmjPpPr4b3c4IVdeb:I+GoR0PxJFP9bqn2EekhmPVK
                MD5:A05FA801BFA59031132BCE9219F8961B
                SHA1:462DEB72521C2A9D769B9826D946550B1A032DAF
                SHA-256:ADCD868CF36C7959CD2898CA938025F8450B874DDF3C5B6027BB2DBA402C8B01
                SHA-512:759CA4470CBFF7FAC7883336279B413EF619005EABA7218561BB4353D47BCE5FB9E8695E94619224FC8D28E29A77867CCB24D4502DA5A2F3C4BCA79D8406F57E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37302
                Entropy (8bit):7.994721754913767
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37320
                Entropy (8bit):7.993859305153954
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37322
                Entropy (8bit):7.995247944668051
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37324
                Entropy (8bit):7.995476392795937
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8183
                Entropy (8bit):7.974840054909474
                Encrypted:false
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8178
                Entropy (8bit):7.976431373610119
                Encrypted:false
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):37322
                Entropy (8bit):7.995584866085439
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:DOS executable (COM, 0x8C-variant)
                Category:dropped
                Size (bytes):37336
                Entropy (8bit):7.994672906043493
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37273
                Entropy (8bit):7.994477694339082
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8168
                Entropy (8bit):7.977351297361485
                Encrypted:false
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37275
                Entropy (8bit):7.995282661884347
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37301
                Entropy (8bit):7.994990111739107
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37300
                Entropy (8bit):7.99446617914396
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37305
                Entropy (8bit):7.9952373447249006
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37294
                Entropy (8bit):7.99430385870532
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37316
                Entropy (8bit):7.994608576707568
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37274
                Entropy (8bit):7.995314956619121
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37326
                Entropy (8bit):7.995355981806492
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37302
                Entropy (8bit):7.994992031206057
                Encrypted:true
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37306
                Entropy (8bit):7.995187722012335
                Encrypted:true
                SSDEEP:768:u/GetcqBW5nrI6bZrmX6R+swl/ziZ3xr8wM2FBDbGufY6ZENc:ueucqB4ns+ZyXj/l6hZMQZbGN6ZENc
                MD5:5E17E72541A68461D330A3B900CA2FC5
                SHA1:F28D2D667C838E745FF443AE7A2FBCB77FF12B7B
                SHA-256:E57B7AEB8CBE3EB38AA8D81651FC154CB3B4F6C536CFEAEC5DBF819EDCDE51ED
                SHA-512:945FD723862BF68C730D08545B5C95350AF5E880585FCCA1FE86C308072F95162C9F48F23DADDC05B8D91356D413234178CA4E445332A67073BF72A3750427E9
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37280
                Entropy (8bit):7.994524829745809
                Encrypted:true
                SSDEEP:768:b1osMRDAQojzJ0oLdVUnCk2gx3nIbWuKCAPmyGoFEzBKru:bOZRDAnx0SUnCk2EjsRyGE0Ky
                MD5:16F50F21B3D923AB915248EB5B562D3D
                SHA1:541760455C3B2E7012F76DB48A175786AA4501DA
                SHA-256:7499CEF1417DA5F426F3369B45F0EE6E6ECD2BBBF98E41D8D2DB6965D7E728A2
                SHA-512:6C58E862141D41CA846F935D596335C498DBABACD918C033E5A187B6EBA0207E3EB972CCD8E7447D21ECD3EBCC2317BF06E90D2BFD7829A3C3B9161147B9C3D8
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37281
                Entropy (8bit):7.995396530222269
                Encrypted:true
                SSDEEP:768:8pDtCH2qLYHFQRGeN14py7lcj7UE3SXzpwX0in/lr0z4qhBWwROD+Vn:8pDtCHF8HKyp6zpO0wNr0zBhBXOq9
                MD5:2C8024F6C0A8F4C22259793C6F091544
                SHA1:CD8F6A6A36C2731EAEE29BD7F70BC026FDB9EF03
                SHA-256:C4C88F2A4ED2CDAB5378A55826F56DA871AFA8A71D4DF9CF740844A211CD65E0
                SHA-512:5C754A992A45338B24C72CEC17A39B398C568F3A9B745FED96D5F1BE450AC69E1DBAEE1AE21D40BC09D297C5846E8E4F2DB86576CAF87E3D5195728A32F49610
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37326
                Entropy (8bit):7.9945302982038156
                Encrypted:true
                SSDEEP:768:/3AtUQvKEDG6ywpOQZzq8PIpr6gTPqQ38rapr+2PkW:/3kUQvjGt4q8gTPqQ38rSr5PZ
                MD5:CA575113487E3DBA74B24CF9928E36F8
                SHA1:FC297CFEE8F7013B81103C0C78F255FB8AEE5014
                SHA-256:5BD4D8A545FF661E7E26301AF2DF384FB0C6A0E9E5B1176E8E8410D52A15EA96
                SHA-512:B5B1A59CB8B8042C5398EC67126A48C902C8DEB8BC40825882AD893382B145867605F75525EC451FDBE8DB0325D5A820495D9FAA6B8BFA5EE952C3D3327F9DE4
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37327
                Entropy (8bit):7.995068677152273
                Encrypted:true
                SSDEEP:768:eTEBpWgXowdhxKN2dODAPJoJJrsNB3cuGzEPXojOI9dMylX4kUhgM9ECJl:e4BpxowldODAYJgNB3cXzEPYvCoOhgM/
                MD5:AA72D7F0ADA119FDAF7F1D8F3D53967B
                SHA1:4383EF3EF46CF655B2189DD6000CEA2AAFD5EFFF
                SHA-256:8A529E2E0B6794ECF9D3ACCF148D4A302A32A4C0DA3C3253FC40566D931B8B56
                SHA-512:EB5D4424BBE4A6A6ECB0B5C1ACF38FF99FB7AA77307C6B7022294C24C9B7CEF0F9264669C85A304A271FAF72219854912865182720F2E00622522518E21A3254
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37280
                Entropy (8bit):7.9937977412341965
                Encrypted:true
                SSDEEP:768:jZki4QxpXxxx4rnzbCZMdJEMqxdZF7cDIbLxwG8j:1t4Qx1DxonH1ADbLCj
                MD5:008E7472049F208A69AF3F0FC081D4C8
                SHA1:6030233A3A563D551CA723D95E98564D62AEF2D6
                SHA-256:64449B4E2D2A3F572840EC40210F6846E61263E379FCC24F35F6C43C337C1A2D
                SHA-512:6C46A83034F3EDD5B09A559DA024F79F2CC4197DB12A65B7D6DD7FEAE3BED9E924E251FDCCD37A2C5038B9623E45D80683D5ADCDF133064844750420B135EB1F
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37310
                Entropy (8bit):7.995375911780302
                Encrypted:true
                SSDEEP:768:eXUaURAYZsgI4zAUtLa70ANUyXzy54YVpXuQ8a9MOabnxdT:ek5AY1zAmqiyGtXXueMnbT
                MD5:67494A6A6954622B6C5DB229FE79A844
                SHA1:285F9E0DB21DA3EAB92A96EFD27EB61575BA894E
                SHA-256:0F37A4A01152E112F8AF6FAD7A216EA0198D0917282C800988DF469C2FBA4361
                SHA-512:288043954C008B90E32082C4D83C6420FB3BF01A79EE476F6002BAEB31517215B80ABBCEB64207EB98BE9281316B875D210498AFFFB8A1B0EE3B4C574E308C0C
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8181
                Entropy (8bit):7.979158876653961
                Encrypted:false
                SSDEEP:192:7mUNBs7+GHSmQ04dIhalxNoeruSb0mzmuH+5LbgXkGQ3xc6TOp:6kO7SmQHC4xgSb00d4c3
                MD5:6261150AF553584EA8C84558600ECAE8
                SHA1:110A603E41292987B5B119B1101DBE71A8B39D72
                SHA-256:DC7600EF927A053E9BB2DD2236EB9D0FDD948D548C6A77E2A89844B1069EE3B1
                SHA-512:98702DC49C59B3FE46D1795A2B9BC3F34CBE2BE8DFED416F7427A764EEDBC6E4053DA7235BF738FD0FB2BBFF071EB1E3BC3AF73CDF8196B69C86D5A184B9DF00
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37245
                Entropy (8bit):7.99604223995923
                Encrypted:true
                SSDEEP:768:yipIK4m11BLn9grz2M9LkAt3+a0iV9+IIc44Rhaqk0B3M4zLRH:yiyKb1BLnKXkA15Ic44DpB39H
                MD5:635C985E56AD5C8C9BD995860BED2F9B
                SHA1:D09588D74A064ABB3C1AE8AAB4F340F1F07F8952
                SHA-256:0C13AAD18135FD7C9FCF859A3CD78A6F2D6B3EFF9A36B05746E98CA0A428B33E
                SHA-512:C4DA6E13CB87897C546818F8B0CECECD874E3BC4482A98313B00B2C671CF509485842515297C38EC8173932F6CF1FB21B7727C0EFBFA1483B581DD7EA695C890
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37311
                Entropy (8bit):7.995092563223067
                Encrypted:true
                SSDEEP:768:fzhraleJ/V6saaJ2tljNFWpMXwlJoiN9YduAywteGr8s2bStUL:fzhraUusajZNFXQn9YduA/teGQxWtUL
                MD5:4B268A76F34E31761BC179C4D7A0A39F
                SHA1:B7A171DB66BC5BE4698537D462A9CE3C8C509A78
                SHA-256:7ABCBE5959B287EAC46330E82ECACB5577B8C3DE934AD1A52C2886DD8D059D33
                SHA-512:B12AF1ADD8BE93C7EC66E20468C6BE9515114A32ACA18DCB2664FF96A0EFFC5FD33E675D54A12783F1817AB8CB8488D6E363C4EBEB4ED72599B697CEF0CE55E8
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37324
                Entropy (8bit):7.994922119278112
                Encrypted:true
                SSDEEP:768:NKkB2zjoLPuk358jOlpSLgOwxG3SaSaNRlm6ssIIm:NRKEmk6LLSGRIvEm
                MD5:F80DDE1894242F47E2E2E7BC01FEEC0B
                SHA1:C05559C7C43E54500257028B30A2FA4F4E5498CD
                SHA-256:AFE7AC35C00ED60669BB9404A351F84D6D18D30EEFA7F45EF5414F4F35F9EAC9
                SHA-512:3F58A25E53D2937373A7916B7EAF7974295DE5B177C3814C2A4F976F1B17B8E327D82376B8DA0293560E51B4FC1F934C59701FA5757616CB17F83AFD6DB96630
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8168
                Entropy (8bit):7.974047478113162
                Encrypted:false
                SSDEEP:192:0JkT06RLk8xdRR3KAfrBc2KKEHPzmOesANimp:0JwfRwqrra2dEv680
                MD5:8AF5B5ECECCB44DC93D02A96C9F5D749
                SHA1:FD3ED1DD7C375209A23C338FE71828FA912692A0
                SHA-256:34F521BDCC8FD912F23B80CF9F15ED310921DB02B5590AFC582C2191E8FD1788
                SHA-512:ABAA260B5446A997C801C60CB136DFF2E961B9CB663BFFE671C6BE2A34E3193DC9BE04C4C8655FCF814C59F1919700B062E93963C7E4B6A8BDB141C6F7CF1DBD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37282
                Entropy (8bit):7.994794279675731
                Encrypted:true
                SSDEEP:768:jSuPKpaTxpBFzbgb2KMzS1Hsbc4tj+6p217xjOewqu8Y1Om90+TY:hPcabBJbg8ntS6pZqo4HuY
                MD5:4EC877F3E556E6D74CBE58F13E9B7E9F
                SHA1:71B8C4039451C61E7805DD24A42ECFF0BBE6DE8D
                SHA-256:9153D8C4413AAD0F6868B7919CB17E1E7AE1C7F0959B05AAB793C62FCB1B3AE5
                SHA-512:E3F2C820F7B5997DF263DC7D57FEC1EC913647D2A647DE2F4249876B09E2BCF230D4F9660C1D86F54E0EC5D48214D586FAC1F1F10E9DF1C7A805859857E7DE93
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37281
                Entropy (8bit):7.994461175342938
                Encrypted:true
                SSDEEP:768:Dxcdc4w7KKpMEJfO7/QVeAPJAYW3+TGu/FxiGXAQ3SAzcufVg1Q:DWdc47KSiSuP1WuTGuKGXF9tN
                MD5:0D5DA50488BDCC255CD1345F0346EB42
                SHA1:53FD173698AFE37967BBF385C5DE967339DDA0B4
                SHA-256:565D66B8DB935B7785F1A57257C5181408065E3CFC0C389AAAA0E6CD9A95B524
                SHA-512:F7FDB5DDDA211B5FBC44A513FDB1F95EE450E781178ACD84BE3C6F20F97B945D791EAAF9B95E0320F408320E6DDEB0B09F19B027D1076D8A3BD49C9B5E21A087
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37301
                Entropy (8bit):7.994773411086383
                Encrypted:true
                SSDEEP:384:b/9bsYHy80+/7TdNoJ2SE0hLmusTyxAortontgMvcEqQ8sdi/go5m4Q2yDvnkE/D:bKYjzoIkhuyTetvGmYgonQfcObmdN4/
                MD5:02056BE6CE7C868D386F1F6BB7604C25
                SHA1:EF1807C882FD6F861B29D452FC30315B8F8D6DC3
                SHA-256:D7CE13866F37A333F6940EEB9C3564F9255D97A723C17EDAF3FEDF3D64688921
                SHA-512:DB0CE54207F0031802CDF4CB05488090C6D2D98968FF059C32A33C3902EDC13791DE0EFC9B8F5A5167CCB595D7B7BEE19AAFE6385FC71E020D46F5692FCBC640
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37299
                Entropy (8bit):7.995857294920892
                Encrypted:true
                SSDEEP:768:UBvD/N8haR5KhW/7TRUOU9UViKV1Mp6R7BXJDeqY0qCuWNv:UBvDl8haRQhWnqVUSpQfMbT8
                MD5:D13932DBF9DC119339D9AF6ABAC6F352
                SHA1:471A68E89DDC93FAD2668931CC4DD97E95760A1F
                SHA-256:1B7353545883F4429AE4AC862861A84B056ED1CFDCDB10CF0E5EAB2DD75F2B94
                SHA-512:FD341DF1C6BA338B829E272F4C29A9FAF43588F151AE624F500CB82C3DFC587F69711C7EEA8C28B0BE4D99CD72A9861A9F08E9468CB58E92753DB050F23424E2
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8200
                Entropy (8bit):7.975577155960269
                Encrypted:false
                SSDEEP:192:goafxOVL2C1bH8ldZdbq+1ch7mKNhaGF+fTTqzcKlR7fhvZhO7P:n0PC4d2WA6KvAqAKlR7fhBh4
                MD5:73A9C576182042AA061C74817A4D7DA8
                SHA1:FB9D141609E27F1CC17DE1A14E293AF803072294
                SHA-256:55910FEDD93080829E7DCF624E2694203E455C4F032683A2344ED202D4937924
                SHA-512:CF8D0BF68B4635BD7F1A4694962D6FCD6EB33FF0093367A31F411F56727C0865BB2001B924B2FF240B173CFF193E3D7DAD51AE0D425978748255208E478437FA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37307
                Entropy (8bit):7.9933351094065035
                Encrypted:true
                SSDEEP:768:jgCxKJ84Wmp9pqYPpEbZ9WI6sm3WqlqAA3fKf:PgJkmrEYObCsKWqkAeKf
                MD5:DEACCE05B1B8BD35FED9D3296EC2246A
                SHA1:BDFDA91437F8E85FC2763EDE912CAB8812B596B0
                SHA-256:62AAD9CD8D6B8B3468D43F75CCE91AE7F74693CF8D26B67E9F2BD41D7BE5178A
                SHA-512:770F0CC85D19A2AAA4AAFE73095726C30103913C80A407F69CA8675FE3E91E56B79EB70736DF5CED7A909C6ACD2702E1A1668BE80A46A4B51FEB155ED32F0CD6
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37275
                Entropy (8bit):7.994483613184685
                Encrypted:true
                SSDEEP:768:pRaUiSGI5+TR5PAYkKLC6LBVFoWlUm7zt6TzXZQDGDISegmdQ:pRa5SrAtZpkKhLBU4/7zt6RQDGMSegeQ
                MD5:C8A33478654ADC4A4D3E0835822065FA
                SHA1:AD5F3D4C34E74ED62EF60C85C4570D55CB4ABFFA
                SHA-256:B7D9F10EDD2568114E8BA28EEE7147F29B3B51A054B93F232D8EF2FB81196DC2
                SHA-512:323CE0A4E9973B05EDE6C4D074A92B8002338EC2FA4686C64559A10BB0A45B65857C6E6EBC48A25A28BF863E408AAA0F9ED93416FA297D4FCDB7A65ECA529085
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:PGP Secret Sub-key -
                Category:dropped
                Size (bytes):37326
                Entropy (8bit):7.9948459693114415
                Encrypted:true
                SSDEEP:768:dYE1vFAoXFTD+bU0Ifr1fzXV7jEItb2htHboiD+PHkd:dYE1NAKF35VBfzF5b2htb36kd
                MD5:FD65AE35BF485FB8A1334184B86A82A9
                SHA1:98255E707E1B0D9FBD6CBF405E6AB63E3254CF04
                SHA-256:B8CA7777376E52A22EE782E06072BC9C5910235813A7F446CB63DE73C45CB691
                SHA-512:7D19901BDC2E8DD5EFE715D0383F443E09025FD265E70A5416B4034DB28D07303B18F02D2F01DADC73B7D470BE9E393B6193CEBB55FD6A80FA3E28F202D52E0D
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37314
                Entropy (8bit):7.994733014086117
                Encrypted:true
                SSDEEP:768:+60VGGDbJpSFJtwh6AT1i3VE80+0vAE3hhgcuNBEt4R1meR:+zgG3JwM4Vb0+04igcuNu+HmeR
                MD5:ACBC9D7C6B4A14A1A8046412EC7A2EA2
                SHA1:FA529213A619A2E6112FEC9A134C0DD3C14EF02C
                SHA-256:087C6BDA5A23C48CA302644598C31D7DD63F24EC4068CFC59E2E1E338AD6993B
                SHA-512:E2C92A671BBECD1104D934C784CE534E2E69A6F87483F83FF7C491672E6D32D21F622CC8792E9AAA5BC01F7767EBF98897F7175934A6646B2049B9DA72471456
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8170
                Entropy (8bit):7.97779713749478
                Encrypted:false
                SSDEEP:192:icHUvlZfSKncZKto5PCpR785Ae4UVxBv6hJekEN5fV3G:ic0vl5ncEoa78yLURtY
                MD5:D67C8236580F9160551976621964EE67
                SHA1:004E61F1CB0EC3D9EA415203DE2BB043D72EF0AC
                SHA-256:DC61C500DA99E56152BE724BC3D19D8AA2414E91AF5608E4536CC4DD5A3629D3
                SHA-512:BAD012B01D657AB358F2618AB73AFA2140CE31C03DD8F9EEC4CA1633AB380CA7E6D910D2FDC38EF69B3393386060F9969F1B61561ACE542C35BDA5C6EDA5DC0F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8210
                Entropy (8bit):7.975479804659554
                Encrypted:false
                SSDEEP:192:xU6fx/af4J6IDk5SK6XT50vmGxrCUf3uF0eh4rD9RKig2FPHKrmVwB4FmMK8XL:/1f5VX9G5vfSC9RR7FPHKzeFm4XL
                MD5:EA4CFC723EFC449D725E1ED46C2ED1D7
                SHA1:DCF3D18F3EA6EE0A5DD1A6256282B3ADAC4FCE25
                SHA-256:5B534E7FEF0F99FD8624CE363D61D6891B1553A5F33709A5CB13051BE8EEB929
                SHA-512:B1C1E07AC115FFBCB7245957F87C4986A64A6BD97A3EF484C525C95FB0711A3E4D0B0C76315CBDD7AFFED86C8262BFCFDDB81A18B82059E76B97370D848CC2BF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8170
                Entropy (8bit):7.980072414785088
                Encrypted:false
                SSDEEP:192:UwjMiqS7LRCA2Q8a2r0Ig5kybZLZrQMSgjfRdhyyZb/k8:jAxStCA2Q8BoIg5vZLZrQMzjf7hy2bc8
                MD5:97FF20AF6A23F341DC74E5BFF59112AC
                SHA1:254B784FE980327F02518D814870395D9B74769B
                SHA-256:29CBA78144014F68FF85B8559A4A08401D3BB18805E103D1C649603C9FD4BF6C
                SHA-512:1494A909A867430AF3BEB1C9848937B92F706BCC9325E4501AA87D809211540F5F5343F62F5AAE51DCE3E21DF4E1B02B54F366EB316739466E3D5825DC2D7407
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37289
                Entropy (8bit):7.995484108682433
                Encrypted:true
                SSDEEP:768:V1PFHbKEAo0DtG0YFqHaZMgn1A+YLYxHiq5Ay/SW2KsNeUYYlO3NW1N:V1FHWXJG4H/giUgn6sII1N
                MD5:47DEA793CC8A3C211C09DDDD152DE885
                SHA1:E979530D1313317B22C3EFD2C13E2E8B485855E6
                SHA-256:6782F5B1DFA2CC3F7D0F9823AB2511C97576621ED5FE4E87E43E15F9A6D55E1D
                SHA-512:47954D69E9E654265F1E359EFF619D67D708508F09F5C55125FC6153D9DB72D33EA24F4280E15F8C0A3A5F8D0F2EC3856872497579B595D38D7D37C775E3B288
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37312
                Entropy (8bit):7.995712492996677
                Encrypted:true
                SSDEEP:768:TuhB9KOAkEXptifar5psHJ4yAXa4NpVXxPsvsHb8GY5QpijDO:T69KxSCP0jAq45xr7tY6X
                MD5:EF145774D48692CB16A6C08311387FC3
                SHA1:EBB68A791FE07CF6EE669A63DBA8CBB1B9428607
                SHA-256:2A2E5ED75508462714EAE91E7679A31ECB58FF79568F2EC7787B37895F6A8B5D
                SHA-512:AFF68A1470916F24DE38295FE0605DA2AA409067C94E7CCA7699C0BA524E013A3FE2C946DD389FF90C5679B5F6A5AB67D5AB309605F21AAF14FB1B19415D7B23
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8170
                Entropy (8bit):7.97584689779498
                Encrypted:false
                SSDEEP:192:ztm266wKn3/MlXXkeppXAikxcrphNyTIDGI71I44xNWkSqHuhu:ztfoKWXAiSMPQEn71F4xNAk
                MD5:45E798A53A0F96F0FCE86B26D37AE05C
                SHA1:6C19CCCA06702FE14959BA6C1772AC07807A4514
                SHA-256:5584D89153447454F0974C7E33ADB40D7D71E878D18B0358762D052ABA40FFDF
                SHA-512:BD64AD498BFC5FFC6A45785B0E1AEE67DA0BBB6B3AF475B2C22C3B920409E173E4A9A5AE2EE5E0DFEEDBF6EA034D9902D0911F93744B67CF7773DF5BECF57AA6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37294
                Entropy (8bit):7.995035859098009
                Encrypted:true
                SSDEEP:768:hMVyUB3Gju+xE97KU5BqxwdZLGAY7xUMxAQ44lkylA6Du/BvmKLbmffG:qVyU51WENqxwf6Z7xWQQy2A4Oyee
                MD5:A2EEBB8886BBA6776A2A2C9A94447457
                SHA1:63DCE711762A0F66AEBD7DBE42A9CFFE7F570D6F
                SHA-256:876364163181E4A7DDB72124927721526C93B2E3617F37952AC2AACCAC4B1164
                SHA-512:5C857BF7B577834646F9B223F1DF1F98040A2CBBEDED4E52FD111D16F9D76F156BF6EAE14F58BA88D47856DACE847AF39310F8E7072D27BD717D4372D2F19901
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37285
                Entropy (8bit):7.994978346237872
                Encrypted:true
                SSDEEP:768:qmB5m9G9EmQUTNCuE3lQrXGSTzL6BFqZEFmwQUBJVQn45amFiBN8tB7:K9BmQKCx3lQKMz2BvmCBIQaoZB7
                MD5:63FE0B779909AA66CA55AA58ABB6FFFB
                SHA1:F62D72D2B5AF91A494A8F17D7BD738CE428F7EE0
                SHA-256:E447E66A966C0101FF407A723B1DC7846CEB3BE5EE24E705AFA37E2AEDE2A170
                SHA-512:33FD81B426D62EE5389BD2188060F0E36CB5217844495333AA3D3C8B25533F9B6E38FC9188C51129E8768605F09E52A5444542CFC6F864FA09EFBC04DA0EC0E9
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37332
                Entropy (8bit):7.994626759108586
                Encrypted:true
                SSDEEP:768:Ak58MwiHw8v3XhPi10xFioteP5q/WKoTocAP9d7jfawT+H4j:AMHw8v3xK10H7WKlcu/zW4j
                MD5:99294BC59FE8B922A187952571560D4D
                SHA1:9DF2A1EF184887339DD8293B9C2B8F90493C664E
                SHA-256:5172F725B6BF3D31543DA10F607AD4F13648D3C02AB0F528C95752BFC7CB4E07
                SHA-512:2AAC7D651275DE369CE72D4C222E1508E44037D9DC0FFC8C1E73C08F4C14C94ECDEEBBBE5610FAE70EBC879ABCFB61D1DD94630ABF40878F4F7254B8FB14EFFE
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):37274
                Entropy (8bit):7.994666390200624
                Encrypted:true
                SSDEEP:768:EnDMPJOgk/m9fkclE/uWtSTCN5Leew5RQerOQX0TzuHF0dS:RG+hkyE/RH58RlijaWg
                MD5:EF285A8D31F4BD0364CEFB6BE3AD4A7B
                SHA1:85B9DEF7919A126A342A45F51AB792812AAC4E06
                SHA-256:C15D9F2DA58DDC69F916AC06B55D4B84563EF61F169810F5A5A9D688AA6AA0B4
                SHA-512:CB2802643E05944EC6DD0591E3DFE6A0C3CCCC3FA104954636D4BA35B6D85947DA2B336010F61651454D824EC9DBE289FEE1B3084C48E410B949CEDE7D40F04A
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:zlib compressed data
                Category:dropped
                Size (bytes):37328
                Entropy (8bit):7.994561868100128
                Encrypted:true
                SSDEEP:768:TbTMSc7onJWq9iB5jPMpQKVUlx2Uzb922WHUy+gicpnogTtwN+5Lt:TcRo40i7lKVcx2BHUd9YPTkGt
                MD5:0BA4EFA6B0EE1649E013263BC2CE254F
                SHA1:EF278D196DFBDB4071732B44FED3702B1A43CAD9
                SHA-256:F64B5137B2D297D8CBB36E1D525B60ACA7B80EA1D238A541058D34B30C2DD87B
                SHA-512:AC10CACDB301B95B4597478FD7C30B6B22CDF0E41D672C72F6F992E1988E71EF6F9F809C83D07AE57A11A734F17BAB2D66BA88A81D1F9E67B2F92A71B77B23E1
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979714375683848
                Encrypted:false
                SSDEEP:192:pDTtR7jPjZ/pdzkU+O72CNK0u04rtWNPGvwZ1ZOg2:Bzjt/HYUD72CNK0f4rKIwBN2
                MD5:0CCB52143FDD5901485EDAB8B63C8BD7
                SHA1:D3E31E50B80920BB2D2661C61AD2C6E4420A9A24
                SHA-256:A99281684C3CEDAB7AD9BA208F5F826F3E91113DF085754B2E602B87788BD223
                SHA-512:3D9216B3388718AD011E0723E6AB9C04287BC45DE42B4B7E1E36B8BBD3A731CD6DBAA6495BD6C2FC5AA779DA73AA99894C4A0BA7DE0E82F7ABDE13D832A19FE5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979598948542079
                Encrypted:false
                SSDEEP:192:JesbDLog7LRiV4x3LY18nfU2ExwaRUEmbp5y/VRt/agy:J1QgPRiVgbuPzwHEmbpg/R/6
                MD5:1432E88826C49F9FB4711501A4F3221E
                SHA1:93656E961674B57B1BDB7B6DA1FD74E5B69611B3
                SHA-256:F71FB7765AC7F980A8C8037C6162B8F6BF5BE40C30E5128026EC5CC4C5F4940C
                SHA-512:FBE2AFA60A514674CB561A670F78B6DACE3C4DCE147CB4A8E317A8524BA2C070E7F4EF40C4F409D0B37D0F2DB88B726DD781028B56F4D89253B4744F0144EC82
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978145434675534
                Encrypted:false
                SSDEEP:192:SRnmbTu7YwA91M/qQJHc45xpRSyzSW2PoBTIeRJrPXI:anmbTurg1YqH+HUyWsTM
                MD5:DBBDF6D1582C268BD44C430506484A0C
                SHA1:71F52B4C6D31E537E5D2E2CBD8F4132D1E0C0AEC
                SHA-256:527F3F889AEC5A612310A6FBDD065F5E23BCFA87C3FA56BEAEF62B6CEE494A65
                SHA-512:797052A4A8995415815505D2A102971A3ADB587DDE37AF5F4966A1A34C86FE4AF5F06EAC668E200BF63CA503B4BED8722BA6349AAC62D5420FA3193BD9C6A42C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.979023980593808
                Encrypted:false
                SSDEEP:192:djeL36hm8aCs6h6tcIkUSlrhNJv5PvD76enDhNYVj+zvHKYH:dSL3sNss6dQJ5PqSDsj+zi2
                MD5:5AA6091EF3A0B059DB696CC18BCCD46C
                SHA1:463B5CFCF262B9CA1ACD8BC1F6E139F0C9CC5F5A
                SHA-256:019B8089224AA611C74F479AC21B89DABB17FF43CD31A96084BA9FC88B1ABAD6
                SHA-512:D4A88EBCE8C94C049805E3FC0E05A558748514436AD622284CB36893F30FAC7F0B227351BD56C30B93193C62051E2FE5CAEEF800E719EB089C163B9DB4CB278B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.976778341127817
                Encrypted:false
                SSDEEP:192:Sla05JxqGCtmZ7LcjmQLjB+fz4hfsgAKhWVzrVg2m71KlpG:Slj5vqGdfu1LF+fz4hUagzB5k1K6
                MD5:CD81029BA158106E6537F2C632200753
                SHA1:289883EBF27C28C42E2A82CB2429E2D294D53883
                SHA-256:48BE5D397604BACBF35D8DE460715259486567471CC640C9BD2299A18DD892E7
                SHA-512:3C4D17F024646A9EC529B8DE57FFA269A9DAE4B9A4B578B50FDA67B64BBA9301DF23F44951F7F78C4EBB5C334B37A3FCB8BC9D597EC6096B6B2B4799A0400484
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):551
                Entropy (8bit):7.635072083311056
                Encrypted:false
                SSDEEP:12:ShASNtkmHkVH1hUXdZXVHkQSkhc6FpAHMPOt70t25YM6yJ0H:yNWB+/VHkdijAK6U2uD
                MD5:52E6635188DD8603BC494E29D3A8CD5B
                SHA1:7574F003501758135CC196F35977F463CD8BC070
                SHA-256:3BCB946B06D70EA5391BB2D7E3DE89603CBDCD16DA9B17B5C5D340F22246A983
                SHA-512:2EF0E1B9423329B0A00F51130EBBF1EA5C4CE9BF5EA5A0031B776BF0A324F8ADF838859023F41FFB9540A036977B1D795F70113AAB8DF4A2D551BF161ADFED0A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.975785396519322
                Encrypted:false
                SSDEEP:192:4ETqhb22a2R4bgljw9YW7tOH3LyYuu2BR22ZQIpOj9:luhy5s1W7tOXLhCZQqOx
                MD5:2C8F595C90085879531C952A20619B3F
                SHA1:E06FB037A4F625A3AEA8DBE01B20A0B3840676AC
                SHA-256:4A91825875433C04A7B125B213EE868D8D99AC1FBA42722522AF60DE2406C35C
                SHA-512:D816293CC6331C7455CD9C2A91162D350E08DD6634891FDCBA3D47E9BDB61EB0CC466122A1B58A812D330FC3491A169625ECAC6C4E492A6494C9B65BAFEC41A7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.97980283330707
                Encrypted:false
                SSDEEP:192:DMLdydXCQMyn5rn1zKdyoBLRzgKArid700ytmTUFDyBfNqXpffODgHqK0G5:4L4plt9oNbAmZKcEOB0XpHOEHqK0W
                MD5:26932C519C9DC1A500BA651E16BE0F71
                SHA1:83CB4BAD1CA23E870D6892FF26260F9A0D767034
                SHA-256:61635C364C43BB80E080D362A6FEC57DBB2F18F0BDE219010449DB8A559FB945
                SHA-512:054C434A9B8E82A1AF103268B61045021AB8CE5381E924F5E6217005577F072DBAB5A5642CAEA5203A772E8B3909DE172415B597B5A1F6DE40421F2813DA1EE4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9787276612485885
                Encrypted:false
                SSDEEP:192:mge4AESbWDbo4wwRLHtsK33iDQDW51YbGhdUnrG0ykhfjo:rPAEzbCwNZ3W/51YShdUn5ykhk
                MD5:1908FC6F63B084F07046C608300188A7
                SHA1:31F18DC0C45CEFE4EFE63B9C0E5687B59D417D48
                SHA-256:DC929C352576A2A8914DAD7AEC08D6A4F7D55EB11667FF355BC0B3BF33BEBE42
                SHA-512:C598F8B3FD04A54BD55E94374A5537CDE71A7A6AE8A93E4EE1ED0527CCA58439583C22297DB63943225DD07016BE288DDA21C9FFE53AC19B8FFEC6A2DF8A4980
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9781315408986835
                Encrypted:false
                SSDEEP:192:qaA+/829Fb7JbRRLw4pd2AfczvBiSeLND1vpMKeCMLq6oiz:qaRLRfczvB+V1h9xMNoA
                MD5:CCD4C31F5AB2B2E6C6BB801C6F0BB817
                SHA1:30DDE3E6FF723FCF4CCD3227240099E4D4853B3D
                SHA-256:440BC4E722F8F0C6E7420754C89971FC586522908916E8FA5E398AF478AB7A76
                SHA-512:674A4E5CE542374886EF03392EB0143AF3DA3C2E87ACEB6039E276F2DFED3D979C8DE17D86ADAC65B241A2D312D7013933A6718AD5F602A8FB3A0688205ACE8F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.98251454097557
                Encrypted:false
                SSDEEP:192:0eBJsSj9Qua08i1IBqOo10gYo3t8xxjcdBDY+ocF+:hJ1qe1Svo1nYat8/Ki+I
                MD5:B95419E5F2F78E1735BF07E960CC30B1
                SHA1:519ED4427BA48F4F7C63D7C23819550289A83D2D
                SHA-256:C094D0E169AF6128EC99A59FB26DBCFC660FDDB49AACEF1CE2A70403E5DFBB5D
                SHA-512:074F9272BFA281A160F239C52EDB3BA9F1F14D5ED2473345D7FCF163F638FD32BAA94A6E5776C514D6A07A3F0430AFFE64D732392AB266143B8776E48B7F043E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980619934602641
                Encrypted:false
                SSDEEP:192:xYtmJNFpRZILLyo1KTT6eYbZWG2rSLKXHzCHmYUH3rIq:YmzFpQPyokXTYbZWG22LKXT5THP
                MD5:17E98059FF013EF75454DEA3F6C865F1
                SHA1:8CD2ED2F86CB6CDA21535D9E3BCC1AF7A20C355C
                SHA-256:88936B0942B9FF69D7EAF7B4390C125350BA50C137AB659AEEACDB8694CA95D4
                SHA-512:4155EEA2C5D8192CEF1A5ADCA3F6B8D4836615F3DA7121B970F7433EDC07530FC2A84EE186CE8AA3BE894EFEE0E058D7452BEDC76754BA1164FB5C7D0FAF75E7
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.978136101624846
                Encrypted:false
                SSDEEP:192:lnU0G7K4O4/CYcK+DSKDR7+ZrdP3uAcz50qYSPMewj6O5/KO3RdRl:ln5GmSzYSPJeAcBMeK5iOHr
                MD5:061792E458F81426AABA666B1D759E09
                SHA1:3721C35E2CDEF7A01BEBD057FA62AF73CDCCE622
                SHA-256:BC732554657AB6CED4E93E429CA6671891A3F5D62067A0B9AFEA9E2E4CCF8B81
                SHA-512:F79632E2E58256E63F789BD4335C2A01C56998AFFBDDDD85AE691CD1F1BA3F8951EAD03CBBFD0635E605D3CE883D377470436E79C34CC6C15C317DA6E7BDCB82
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9766542313565365
                Encrypted:false
                SSDEEP:192:GzJuf+E5df8y3Q2VN/Z/rty1PZ1XQRdJCtzGoD4ocSCp0G:GFS+uky3BxRs8OVZC1
                MD5:20F8FCC70877605210C74E6E3A417421
                SHA1:2A5CBB2137C98F5480C3116C9CD497EAF0A6E654
                SHA-256:A1CF1099ECC28AD111DE73C0F7EF369C635036C2A3D92AED6035045EE6E7D01F
                SHA-512:D3D1C98510B044F76B346310F55A16BD1BCA2DB5D0757DB8DFD1178ADB04F3104DD4178C9ECDC24459B7AEBC1BA02585C3D0D192278D93E4F4A669E9F07741C4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.980256582047337
                Encrypted:false
                SSDEEP:192:MOcpUmos1eI0ud1g9gqAO6GGMbZ3d2MV1qFi5uG:SUmPeIDiyBUGMVN2MV4yB
                MD5:86C1A3F6C6A27F4FF67BDEC9E3F5FB99
                SHA1:2CC236024ED4561106DD1B561AC244E22370727E
                SHA-256:2A4717544FBD703E342BADC00DA8CE07B5A0AB5717301050F69B910EF301FE9F
                SHA-512:495A0A4E578CD36C3D7C462DF05E74F2DAAC1B30555D462F2675002BD1A0D3C2FBA68BB73B3C50D49A6789FBAA7759DA8BE1EB697DB72525448E71D6885E9D5E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.98049704218379
                Encrypted:false
                SSDEEP:192:GxhbB0gIOwWxflcqVgWYgNT8HmDZMP4W41gMYk7aaWYkv:GbqYdflcqZXbZMP3Vk7aaWV
                MD5:F45AC7276DB5FDB26123D3009EF201D4
                SHA1:5BD27AAA6D8A25D942A87D02E7C154DA33D4FDCD
                SHA-256:B578F56CDC019924CFF4A29D57EBACAFBB1998D6DBC14F4EEA349A7542EB7D42
                SHA-512:F97E00628F98414496CADD3469D2B8C3D9AABA9FF8E1E45348F595C9FF0C3D8C036236117FC76869162DF64A1C7E4E090DDF7AB72A2FC14F3DD9A88D9CEE8317
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):8431
                Entropy (8bit):7.9782420510871965
                Encrypted:false
                SSDEEP:192:ovQu0+1VjI24ZPcXsyqrRbTNIRHM8j647zKpgfN9AR:wQu0Oc2r0rVNuM8jfzK20R
                MD5:63D585F98C00AB0AA1AA318F1ECA8224
                SHA1:FF5EB7464F619A5EA0987044AFEA634BA2D4351D
                SHA-256:9FD0DFFF456F701F0A681240372B3004668F2FF94F98723926CC28E0A6B8A85C
                SHA-512:4A1CEC0A213C7054CE125FE50449D8178A3D001D42C65E2C14209B1BE8696D5C86E72E84D9702777C1547C566F5833E41649CBB6DFDA8FB614716E838BC9AF22
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):296
                Entropy (8bit):7.314834257561987
                Encrypted:false
                SSDEEP:6:UKsmWS9NBWzI8L9gSr0qxq7NDarBv4sJakyHDttjL45YM6yJ0H:Km5B85gmZq7Novt70t25YM6yJ0H
                MD5:BEF38985A46881A3CA5BD3A465DCC6D2
                SHA1:598D902640A281ADAA2EF6089D94F6762D1FA0A1
                SHA-256:701F37DF5D49E23F82DB3DF70E0DCE514D6195AB0292823C5411DEF8B5554DEB
                SHA-512:6A385B8BBCB275F41B8FE6659D64FD62B411C240643EC4DEA8D10092EACDFC66B94EAC4C67B0451B1894376C7AFC224131C2DB3E065485234080B3F8D0A5A634
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):266
                Entropy (8bit):7.10241672865959
                Encrypted:false
                SSDEEP:6:WO6sBAE4jQPe8xRvhEwgqzlluV24sJakyHDttjL45YM6yJ0H:h6gARcPe8xvEVks2t70t25YM6yJ0H
                MD5:A141A1462792FB3183B8F80B8097FE51
                SHA1:62D684B100E0063DD57CF36DA14E2A86B2D872B0
                SHA-256:65E15C350C289C2087EACD578580CCFD2FF16A33D98F295E7095F6147D0B94A6
                SHA-512:F1573FAEC681F270EFB94708749CCFC10FFF3596CFB9379881760D98EA876070CDD6DDE5BDD17681820FCE06B4B89EDF36FC9D3994EFE8419E41F46F33173D48
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):256
                Entropy (8bit):7.241000927641414
                Encrypted:false
                SSDEEP:6:KCYZ86tKwprxZ58J7JtvLkO4sJakyHDttjL45YM6yJ0H:KbZ8KprxZONvt70t25YM6yJ0H
                MD5:A7299911E13ACCA3D6A2FD8F29443081
                SHA1:6278B62A2042DA985255F31B0A9869511B17FE5D
                SHA-256:E5666B621DDDE2B28229722C50912F08A503A524318BAD7ED1831EC120416E8D
                SHA-512:6C5651CA14AAE2C9AE1B938155EF9DC88FC3467E1858158F6191A39ED876D8D8995377F8C5E031AAF5FDC02EB8E8B59CFE5B5C9CE5064099D100A8A6150D877B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):509
                Entropy (8bit):7.572523340387282
                Encrypted:false
                SSDEEP:12:YM7zUmSmstnLwc+mqiF32r2PRCxbOWoLD1t70t25YM6yJ0H:/PSmstsc+OFExKDU2uD
                MD5:EA9E9810FDB6AFEE07DB06DDD897662F
                SHA1:5C3A7AEB4CA33F1098A33E6B1B051B0D61BB3D76
                SHA-256:59D76C6BF92A3DF0F335514E5287771946F53C9BA6BAEED34EC107C4424FBAFE
                SHA-512:4DC5A63B1774ED5CBDE983FD212992C934AE3854D6494BE5720867F84AFCAEE7CD297F933FC3C60E8CE2522408DC380613367A918872BD5F5859948B39CA7350
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):24396
                Entropy (8bit):7.993177404285944
                Encrypted:true
                SSDEEP:384:rc57kuHtFdAWG2/DEYRRbVgzzOJYsKQ0+wReb90jAI8X4XCa3PTna5CfjBNON5v1:cku3KHcDEwKziasqRi9bVWvTaILnEsmp
                MD5:25E5BFB62688727A928775F2C7CA73AD
                SHA1:0278D48A9B53846154ED2CAE58B9A2378D43F066
                SHA-256:4A7C844B0883B5431FDB0951647223DD27542321F3328CB62DAAEDBF75247E24
                SHA-512:ED91DFBBFCD4CD0E97A1A08E47097F1B14698F989543C79F4B2448FED620B75BBB371EDEF857F041DC4A16BC71C58D6B23074B1FA8D61CD71AF46EABEBB0E488
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):10483
                Entropy (8bit):7.98333637656405
                Encrypted:false
                SSDEEP:192:OmhZurpu4TRDdwOlR7qwxEyJy0uS3Z1plwde7nRr+vZ5IQB/cVdNbrniZFrgR5NG:OGurpfThdXlxqc7Jy0u2v4e7nRr+vZ5X
                MD5:37C8030C519334183C59B18605FDEA39
                SHA1:C9D4430CEF9B4C35CB83C096B0478844A8EC1ED9
                SHA-256:9A201D72F83D7830B85AA0987AEC3AB146C9A18AEAD58CD35E6254257BD23F84
                SHA-512:C736737DE728D7663E7C16E08FBD26D127AF8A350ABB4DB856F633F59DB966A6B5E039FD63262669B71801700B4C4587728294AB8AF46F6828AE0BD31596D0F6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):274
                Entropy (8bit):7.254387865821559
                Encrypted:false
                SSDEEP:6:9L4LAmox+HuNmZ67KymvF1HYDynLwNY4sJakyHDttjL45YM6yJ0H:9L4LAmC+uVDm91fcNYt70t25YM6yJ0H
                MD5:73321F2C7B8D5EE65B1E0CA9B6F632E3
                SHA1:D2FC04C0B8A072A258B70DA287F217002FB8F2F8
                SHA-256:1D68341D565F7925600B7F0965F3FA3EF5BEC13090799B839416F065028D3F64
                SHA-512:201AAB1D6ED2839512092CE10FC0BA3B7DE02106D866B4666E1F97869D617B418870FF769A058CBCD541A278D8535143FB9ADE6C1D13CBB1422DEF652DF0C4EA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):267
                Entropy (8bit):7.265030283705458
                Encrypted:false
                SSDEEP:6:yVMHu29UOvpX24Csrj37M/a214sJakyHDttjL45YM6yJ0H:tUmpXLCmj3I/j1t70t25YM6yJ0H
                MD5:3D34D5F2D315657A37778A712BB3A8FC
                SHA1:83E39F5A075F14CF9C6484A6B12DC0C306A80340
                SHA-256:20D4E861449E5CAC996A871D9FFC4EE205B9CC9D5A03A9E370689D15519A7CEA
                SHA-512:CA988407C59F88C26C61563798265A5D62573376143EE5EDEEF45B0914CE4F6F044EE9BF428E595817DC19A3C9ED14ACC2147459F9D325C5CBEB85A4C258EDCB
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):407
                Entropy (8bit):7.52405917087955
                Encrypted:false
                SSDEEP:12:0gG7U3i5MDAyzBZdSCBcw+3U1gUat70t25YM6yJ0H:0gG7U3i58JSP3CWU2uD
                MD5:875C8799F2551AD45D910BF64A81F872
                SHA1:0C778E97D77AA17F9C353C1C250464C787AA792F
                SHA-256:E8FD0652ABD2640FFE18974DD5521E102A8084FA39CF9E9F8C890624909E2E36
                SHA-512:7ED655048822DF467AD106633FDE61999F0BEC7FEF4C7DED4CD6D65F346D4DF6E246F0DCA17C0E67030AF54D133673038CCEC8BC64ACEDEAFA9D31C241EF0B27
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):288
                Entropy (8bit):7.282556447657656
                Encrypted:false
                SSDEEP:6:01BQEaf1AgrGLtpV6aF7kE4sJakyHDttjL45YM6yJ0H:EqVcteEBt70t25YM6yJ0H
                MD5:7BF340EFA00959EC9C0D9A6D9A644097
                SHA1:F8128B536A09381541414BB526F90AC868EFBA2A
                SHA-256:19265D0C79FCF79101DB3B5A50E5AF705A7357ACBFF1A91FD4D4327E7FCC3D77
                SHA-512:D1F6410B5C0B2EE14CF41F112FA1D94616DBEA6841ABC6F90049CDEE60C4FA7816F86E4B74F6F7F9EBF333AA08D8EE295703A77840297E88B0C2F7504C7BE12C
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4444
                Entropy (8bit):7.959791124597598
                Encrypted:false
                SSDEEP:96:NsvYr7WuqQp2esYDdlf2+XOKevvUjg1VJ5l/0hLGRyYmA9:mvMD1oNgj7XDysjg1jqGRCA9
                MD5:FCA2664406ECF9DFDA3D23EA7104E16F
                SHA1:C88D4C044188951DF0915DE817DEDE2FB7A1171C
                SHA-256:95518AA4D8B5498831171122C2065869AB266685009401EDCE7AD5E2129709CF
                SHA-512:18D5F12AF61F9EFAE082C28AF56D415DAF1AC0F6DAF30F4B8743A4D0924931552C119A6B3F98DE5089C73F019A7A00F9256EFDDAA0BC4CDC2A5D003F5FE61068
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):15298
                Entropy (8bit):7.987837771300235
                Encrypted:false
                SSDEEP:384:yYY/koTVNzAczLj49aIy02RlbxhA1vNduGOC2Sl0:yAoHkOj4wL7A1vLuOi
                MD5:4E0D2ACB6620453F6969DEFEC4DFE4AC
                SHA1:F15295BCC858F6ED995719693682C06CCFBA2CF1
                SHA-256:B5A800FF1045CD2EC75D2C11CF885367F0882AC977233B147DB70FCD6ADB0DCD
                SHA-512:D265DD117E4CD4FE4C98731077DBE1E7D165C2AB9838ADC8A7F472604A12E895573EFD03F368B9C63F4E6B2DE4D1044EFFB374A34C5B70982542A250265DDB62
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):748
                Entropy (8bit):7.691193017379359
                Encrypted:false
                SSDEEP:12:Q/3GNqpPSbqGsDfwVZaeDsi12JtbG/r3DN/X7iK2w8K4QA4zihN6hVYt70t25YMg:I3cqcbqGsDfwnDsq2Jx+TN/LvJzi6hV7
                MD5:93351490ADF23721B7E376BB2A6E607E
                SHA1:FFFB0EC9459110A2D68BE1B88FBD8F0FCE5FB79F
                SHA-256:2C329A7723A63C60DCA0B1D0F83F02E4325DFA141D05CEB425A26885A8C0D8E4
                SHA-512:E0B9F202A383631038DD3CBC77F96B44972B71873E3FDA701EC86D058F02F59421D953B75DDB79BAF87702780C1354A84F4F457F523F2FA9DF784C8A1E9FBE32
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4096
                Entropy (8bit):7.953054621322498
                Encrypted:false
                SSDEEP:96:WVcJs97NfF7xMuxhbsP6IqV7/Vj4fsDXUsVjuUwVdgwhLNcPF:WV6+lxMux5O6Iy9cfiX/4Uw7gYi
                MD5:3DEB07D712A5CE35F9CFF786DCDE189E
                SHA1:5DCF4EC25299E9A3C973A4DA00FD0C1F83B70313
                SHA-256:DEA1CB96AA9D98AA2563D3985269FC8F3F4B78960F3949B3604CFB812FFC4361
                SHA-512:F79F9C3F1F0F399AB395A4E545A8B66975BBA1FC79AEA8D57F080FB925529DFAA3418255932E10D26FAFFD8A8A91D026295A5484A02ABFAF82D2E2A544E2F6B5
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):18681
                Entropy (8bit):7.990455803323405
                Encrypted:true
                SSDEEP:384:sMB9KJ+1v5e7BcZa0CFwPyB1wvbV8lwtEwiShsmH3qzAAkVa9YtyEg:FB9KM9yBcZa42CvaKtEwiShsmXXVil
                MD5:D72F5A2A998908C2D6F42CA7DE058D6D
                SHA1:7F2E2FF77B82595B572135040BE157079ECB829F
                SHA-256:ED7A5AF6C3867994CD5716E98E063B337EEB1475A6C70989251E15F07FD600E9
                SHA-512:646D9F766E9101A1DE48713C130F0A33BF5CEB2FD89E79B26F654B45F428E97AE35072FBCD92E8B48F52296F11731EEF7E01E899A87465A7ED1AC9DA94031A80
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):751
                Entropy (8bit):7.746566525210466
                Encrypted:false
                SSDEEP:12:FdHv7YqVybS/c2E3zXYNzbRSyfcBV1WaNOzkXc6OlC7/ZUqEQJOt70t25YM6yJ0H:rHv7s+9Eb4mC0c6Ow7l6U2uD
                MD5:633F2BC06B5739D6784A0ABC316DF8B5
                SHA1:E264EB97218AB364677D1072E50BA0A4502E44F5
                SHA-256:8976463E86B59F770E736586460A640045B6F6B49B66FC3127553E6BBB1AD50E
                SHA-512:1E6BC63F2B4B3B038D7EB3E817A1446ABA9950EE45FE27E17DA68BB80D69BA0E229B7D82A55A9AF22B16E20332226A04F204F5CD83A3B4FA3FF1A8B5EC9E6ADC
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4451
                Entropy (8bit):7.960991552529125
                Encrypted:false
                SSDEEP:96:/1Ftbsct/UMzRArgAoYgzG4PxmQUtWkX4H2taxKUcZk6sE/0:tFtb80RArpyzMQUtWkX62U0Uk0
                MD5:08E423B3A94BDA435CACD53CB0B67661
                SHA1:F0A5E58D5A61237E029BCA1F5F77BBA1FC9A63C4
                SHA-256:462F278D71C2CBDA4E2EB7EC470F328813B63978329E071A1A5C96639AABEE53
                SHA-512:D9B079C60B1094877963F0EF8BA3EC7B14A0A00E27612120D20F6AF0017215EA9E0529B6C2D5A571829E4212AD2237AEE53EB3F4743AF1ED367FE4D17F9F0878
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):18711
                Entropy (8bit):7.990262505044552
                Encrypted:true
                SSDEEP:384:+TRr0QePwppX0h1KvfJUfU2m7u/izgVUg4DpcWpJRyBI6Z6uXYoqOSjhqhck:+5eoptUw6UN7Oiz24cWpJWIXuqOyhEZ
                MD5:9AE3A7893C65F3AA62AF3FA0A5CDD1D0
                SHA1:5BE6D7D366C7B91C8E0640F132E574FB84CA5D03
                SHA-256:3B128AFD877F3FABC5B1451D59F37F8C6B5C6EFC2384D255693CD7E9CECC77B4
                SHA-512:411C52BC119E37DF181500CEE1914D2035662404F17268ED52217E3DB93F9771A65C06359E22B5DCDF3D79AC1F27FB265365EC3D10D1C16A513EF43A27FF9190
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):755
                Entropy (8bit):7.742926931060147
                Encrypted:false
                SSDEEP:12:e/d9sBWRvH37HjPATtGSvblhCiXRxIP4qZ2D7PM0ORz3zfzl1Ot70t25YM6yJ0H:yMK7HjetLDlh5XkP4qZ2nPaL36U2uD
                MD5:C079622F3064B3B836CC0F0695798680
                SHA1:A9CB7450CEE6598F0AD46CF92B3B99522BCFD120
                SHA-256:7A912984307E738AD1E792D889C54F35EAC3273B1AEADBA743E7841312581B57
                SHA-512:90B8D4310419C60B637E502D461391C8A248186BAB4A9860586A8573433B296004788D0F218632FB2A5256746E85A40B3896D5304E1F94B730E6C25E7341F3C7
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):700
                Entropy (8bit):7.704935374693338
                Encrypted:false
                SSDEEP:12:FGlLvhVbtx41fY7iL07MXYkKKYOk0bXerNPnZt70t25YM6yJ0H:FSv4xLNokFYJ0bu5n7U2uD
                MD5:334742580607D4519447354109EB37AB
                SHA1:AE62AD48DF3BBF956F9886B31A5BB4BC5310B917
                SHA-256:A6661E9125313E2FEEABF14AB5B615012F42F2B21EB7A357CDB060880272BEFA
                SHA-512:2484678BB46826EF162D53E6BBCBA529EEE12C5281DA8014BABDC0B461799207A16B4F37F59C189DAB211A5951EBD0EA621470B4C925AA97783A213DC4A0D00F
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):3839
                Entropy (8bit):7.954322729068821
                Encrypted:false
                SSDEEP:48:UF5vHODhm30iTUFAFyQ/IjkFjOjWhdI2oob0xTI6pTUbRvahwfSPg5KT0mEiBXP8:PjiTUFA/IApPhdI2oouFBwKlwk12Vki
                MD5:0D9BB61B7F5B87040C70CF517D13DFC4
                SHA1:B01E33801850DC81862EED7C087B0FD4A0827DFD
                SHA-256:52CD1E8475A7B012181E234891847B9FDC230D509DB4A35E51281D6F00CEA009
                SHA-512:064253B5097C46546F38FEEDCADE34FE804972BF81FC6AF82E0C583A1E84DDA525C2B97AD1A43081879F4615218E9D7D236EC35F43CE25AF835F6DB6CDACB6EF
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1946
                Entropy (8bit):7.8961001357390685
                Encrypted:false
                SSDEEP:48:LlpCy0Z9alfXX2ENejbwx38ggz+vbWYVbAOnFEDzL:Llpz0uXXHP8ggWbWsbpnFEDP
                MD5:70A73B63EE8C92153CA2853CCD75DFC9
                SHA1:75E0AB7E6C8F60FC882AE1AAEDBE9DF939F177CF
                SHA-256:73BDF5175A22BEAB3CAC6747656477C3791F882045077C3484728A2A3BE163F8
                SHA-512:16724DE1C1C7B65E223D130D1DBAAA11EFB9ECF1D9220783FCFB84AEB4F6925C248A19C3AF2ACF529E7A2374B196B4FA0D06DB2F47C19957C11EABF9304A8E9E
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1578
                Entropy (8bit):7.861888208156358
                Encrypted:false
                SSDEEP:48:BiSQHwtiusLpmz2uY9qIxNct1PSt+MxalUL:B2wAdGUQCNsFm+Sas
                MD5:BA1E831BEBCB5EB49AA97E0889E4D68B
                SHA1:C3A3E3618C2274742D5B03FD17596ED22CB4723C
                SHA-256:970C32EF6DBA8C1DBC365B8476B22166B4A44EFD7194F32D8E1B604D190F1EF1
                SHA-512:16F001A7FB8721D95E6828CCED63226C376862636F3A262FA83989D176104D82EDAC3360DCCE51085C7519A811EA1F861B5EECE39F353969DE001C94D9922DB3
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1581
                Entropy (8bit):7.868580482221074
                Encrypted:false
                SSDEEP:48:Pdxf+7nqMMaF5NiuHKGYDH7km5Pjq0DDL:PdF++MMaFv+HQmdtL
                MD5:034FFFCA344EF9A5648ADC57E5696A02
                SHA1:450D2B5E491737E4822CAD12BE01ABC5C5778869
                SHA-256:29437C2B62C3C966F9A13C61638BD08059E8F8BFDAD0C6BCBFEB7D02A5BEAAD2
                SHA-512:1FE8508377B1E1315BF8AACD057D2D821C35FF7AD6840C53B8E8EFFFF266ED35D03347B64B7D5631521DAA24AD127F6B5B012A2656DD1276E1F225DA0DE03412
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):762
                Entropy (8bit):7.760387652783158
                Encrypted:false
                SSDEEP:12:rUzA4ab6H3jXfSp7cauf2NTZt1Fzh+Mt9W8c6gj4u4M67HGBsgzVBo42tt70t258:rqA+jXfS8uNTZtrD97LjD7HgFsU2uD
                MD5:94B5BCA3006F15DDAB1BBD76AF1BEDF6
                SHA1:DC78DE331C4F0F60A2FF645D174523BAE24207A7
                SHA-256:EDEFBCB991FA6AC44F692544EAF9352FDCC12470C6103073A5C62CE1DE600802
                SHA-512:0EC1FF7C6031B09BA8ED8E6509CA030AAB391DBE00D72A9E5E2007667E3F4C64B12B7E3344ADB70FC14DEAD912C64587F0BB0C969F2C7DD090A77DCCB18D1D42
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):74081
                Entropy (8bit):7.997584337418238
                Encrypted:true
                SSDEEP:1536:cfeE9+9dUywTyBvj+oE7tfcNgfUCsgDG+ZE/FG3PkkQ7iPbYT5zOc:cfeEU9d8TyqcNgfUCsTG3EiclSc
                MD5:D0C0052AFC71377AFEFACFDC3B33A7F6
                SHA1:BEB89878F2D2B3B5E34830DDAA22A85452D8FA84
                SHA-256:2DA0F879018BECA67FD964A2C216128F96DB1D3D5BA5B49C75A6B7B815C7B3ED
                SHA-512:B5A85B0994FF5982F962B7208A820B606B4C8CDDFD9AB0AC95071E1ACEFFFE8F944DF5130AE26D440F67CD078DA4FE762177AF0DF9EC5A65B0B20B3F94C9054B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4585
                Entropy (8bit):7.956072556130762
                Encrypted:false
                SSDEEP:96:VTzA3FriUSIVPanfUoltd9wf+eq8XTOSmaPYNEhPIx:VTCrwIVPaf9J4scOSmkYNePIx
                MD5:45C170AA7E3DA65B599966EB9416DCAD
                SHA1:1B6EAC277EEC737558D5CD1A8215114E8D0766DA
                SHA-256:8FD249A45BC1E9F5896F384DDC8F7516B328F2A7E80E34C09864B70F7F9792F5
                SHA-512:94318EB5DBC65701EF11F25F9ADC1579FB0058C220572F4C4F657D7C0C8C9B4893B050D0B8490AC81B3E23F7C24FD539D852B7202D53E37D28E19BF719973C57
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):4605
                Entropy (8bit):7.960567485745268
                Encrypted:false
                SSDEEP:96:AzI2EKWsBOyF3YoHHfYGRI6chN8C3ixElyvoJvccLkvKRf4ksTwF0:qI2EKpewFRYyAJYvgfqM+
                MD5:D57D6A72717B2F978EC3049C8289C37B
                SHA1:04BA7F60480DF6B27B076B4A0CA62E6D2C7A8808
                SHA-256:5C18D7F649E098E6103A5327670CF75EF05C338947347B1EB23DA05A5DCBAEF6
                SHA-512:BB9A334D925CA0D1F6C9A854A9D5FEB0E2DBAF2EAC5F8C3FDD0A2F9F0D87F86CFE88A92C19E84381595A1DBF288363D8672D896921535263A2E722BF1E526EC9
                Malicious:true
                Preview:*...].5...@o..1L.l>.dT........q...f$..t......J..N..S..H..o'P.J2...jeP.*C.!...h.....@Y.(......U_.c....m..*c...N..@.....<.Yqt/.w4(7.W...)\.5.h.W.......k.....p..S.@Oth..D...z$*.kx.B5../~N4.......-..z.$L{.@...eCY#...^.....?..\-[.HC.}.j.A...u..CM.>/.J..".*U'......=...iL..W.......Z.^.l..aA.'..CC.5.ss..3c...>.f. .K/_...f.*.Q.g...C..5.`uL.c.|.,4...r.f...a_...+>(.cw....{.<w......u...]..'Ak.Vz..q1.."sp./.D;....f.+...yn..)z.5M...Y..0/..-....h..H.b.^.....O.Lk..1J.Ja..k...R.M.K..?l...h..P.~Qh:*G..c..~.......{T....X...*.J Y..*t].?].H.X.mPgM.....RIr...5...5..:.*.Y.0.xG.+y2.g'.-...@./G...H.<>.E0.D6p..G..>F..........r............n..G....$./....d.V....;?....].W.E.O......5..01..........kA....h.U)/.~.t.{.:S1#....z..<*XS.v...XQ.X.........:..tOq..[1p..D.r....Oc........2q.}..w&....D....D..s.9...d....JH.O-1}.l.lV.Q..^.~.@o..;C......V.V..T7:.....'.f":t..$P....}...G...p.......WP.OvK....6..hY..[.L.....s@...V..O.n(...M.i)E.$..Z!..].....X4.hLu....+
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:true
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Public Key
                Category:dropped
                Size (bytes):33029
                Entropy (8bit):7.994460347382459
                Encrypted:true
                SSDEEP:768:pEYF5AK1oKwmqThPXeYNpXbfH5mJgMbzb8Fw275VAG2D/Nw1advX:pEYF5G7PZmwFDJ2/dX
                MD5:761B5DEA92C02D2D27E5248C28A6B1E2
                SHA1:B5F8CD73AED43D167D921930A6FCC4F1A92D2B61
                SHA-256:C67CE69AEC23310929E27699C1EF81314D77DDBD37C2ACE4E9C80A2B9A305B7B
                SHA-512:CE94DB4C2178FC193EF3BE44136C834EB758A7DAD39AA9AED1070EA9ACD98A97D2834DF17CE9C55453761AD7A9C3B5E06B645F582406FA7AC519A5B5CBC11A0B
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):33033
                Entropy (8bit):7.993701978303221
                Encrypted:true
                SSDEEP:768:lDI2D0QiYVI62M0dGmFyy6MzomcTLqsB+cew:FDeMI62M0pFv6MztCLdew
                MD5:8188493726538FCD8189571E7D4DC5D6
                SHA1:EBC9544C8058712B671327E11B44B35A95D1E885
                SHA-256:668529ADA022584AB54BE01917F90DF7FE104E3CB3F4D82991E72BB879253F90
                SHA-512:9B8B84671230C657353432FA306895A420073E338A0F1B25CA249303901F94CBA01AFF80EFBD19D43D301A8D9C0589DDF9A7D233586E2662F8353366B0310A31
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):33046
                Entropy (8bit):7.994948969103611
                Encrypted:true
                SSDEEP:768:toHnUzx0+QBkztMkIXCGULWh1nZ+Eaut4+qIkK5Zhi:KUvQizKrXx0ul5hi
                MD5:F1A578F98C96A003930B84341FEB0C5E
                SHA1:BE6BD6F02AC06F75059EDD2B10AE0866D67F49E8
                SHA-256:F2EE25441A2270A54ACA2BA40823943AB88987F694FC8D0A0876C93A5FBD688B
                SHA-512:CAC80EB2F9D195C93FD4A7366370BB74F7AA70F522B37FA3621311B2F6AA71796CF896F7702EB45BB0E42BD855216994E872B1A47D99617BA460127F297DA601
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):49408
                Entropy (8bit):7.995485048505196
                Encrypted:true
                SSDEEP:1536:vhDaNo23VCEEwqJ7mebY8EySkyYyjuqiEMbTTz3:JnYVCaqJrb9EySkse3bTTz3
                MD5:49886D1B32843CBB3D6BC859B31E80C1
                SHA1:AE8F63536D17764F18DD9A4E61A74B82AC593C52
                SHA-256:93870E78D40327222244F120B54534377AF15D7EEFD2BDEA1D3466D7C510562F
                SHA-512:3035052BF210F2BD8650E242B88CF0E69FAD822B63563864881FADB6D9690AD8A2101BFDF1EF7DF26B008C5438E5544D0DB6E3F268215641749B7AC8F79FB34C
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):49412
                Entropy (8bit):7.996468713706573
                Encrypted:true
                SSDEEP:1536:ZFVxoYFO9BhtV+papiuM31pibO0L9bd/+iqJBj:DVSXfrkuM38Xd/Boj
                MD5:B1D883E9E14947FD025F748A0DCB45D4
                SHA1:844C6FBC4EA22CC9644D54A163373C2FEF61FE6E
                SHA-256:ABA3F7974EF604EB3817344450D6D9B78CE2FACE1AC8C4D4D3D399F7BA60A994
                SHA-512:0AC7850E9B8E4412C50B5B5444ED45B9B3E10EF6A7EA681CEB1E0ADDAF5BC75A7198D554EF7DA6C7DA0C7E63F0002C4EBCD925DD2177828F9E0FA9C522E7163F
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):33042
                Entropy (8bit):7.994559764755523
                Encrypted:true
                SSDEEP:768:uilbKJ2D7lMdoLqprrbBY7236UhZlUzchCA3FYElufTG5:uil2J2PxOK72qULtz9
                MD5:338E35E32C6DCDEC33EFC453405F4EB7
                SHA1:B55023CA0B454639E3FAF276D879577B6270EF18
                SHA-256:8843A4572FA12B10AB19D23937F5DCE0DDB0D8C71A4FFDD0AD3DB2714623D6A4
                SHA-512:79178F5DE76AA41D5766DF298A40839B5A83C2DB99B5ED30AE650F819195D38950809C3D90BA4AFBB60105EB21861B73A009FC8BACED6A3B8ECC4424B27FAE71
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):573709
                Entropy (8bit):7.819516383451891
                Encrypted:false
                SSDEEP:6144:45F4T0mZRL7PVNzLEAnkOSaY+iZkczI14hsV2Wo1QzQfqLOo20nRkIbNKuVroOy7:4/4ThPVBXWxtcugKo6MocSEeV7dcyohO
                MD5:6CF67E140B5CB9814650D12E0294519B
                SHA1:A364C6FA253C8D2D9D20DDB999A0DE42CC90F402
                SHA-256:41B87CBA9DF758875624B42A120FF1AB282E14B35F1B95EAC69C71079A9D789E
                SHA-512:AB61D1ECBD548008CE4BD8D49A4D42E1B47D3D12CE3350BEF720093A44031A0BBCDCAA22B2AE8D675FE78D9F3D9D9B595B48DFF366D3C67D9586ADBEF5BBE5C5
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):49421
                Entropy (8bit):7.995788593187459
                Encrypted:true
                SSDEEP:768:RJMqoX/eDmpTubLHfwLBkUj+w+CAvIUDH1kplEr9z2o66bw4I5TJui5wYuj6fxQa:ZjCJ4LH6CQ+CAvr3h24bwF5Vui5Xfia
                MD5:01B169C4469E8E21FA3E3232C4D000D2
                SHA1:B13B23E06EDF3571C04E352B2DAD7DD646556ECC
                SHA-256:FD19534F1F7F8C9D58D77D10866E450F7A965EB7DB5BE10C7983566938CA3FC2
                SHA-512:EF2C1EDC3ECCF1686A22486B173FB0812C5C37262F690498AC6D6DE648A26155950FE053C5B26396097A07476A135CB21D577432EE62CB6AE625005D9DD97A01
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):49426
                Entropy (8bit):7.99633069261082
                Encrypted:true
                SSDEEP:1536:kxbwOiwhoccPv79zL7u7Ofj04FhTEbi1U:kxBoctz4Xob3
                MD5:B0A5BECF73CAC8C8DBF5E6C9EA6A09F2
                SHA1:D4A9C2657B0C7E525632657523366BCE3D380A5F
                SHA-256:1DB6CD11AF2A58A35EAD4971E0E1D1A5027D70DA843F4DA80048E88F3C1B1065
                SHA-512:AA4F0219668D96EDB76E44761F092882984FB482950BB71EF6FB1B81D19DB3766C9C6023161C7C92E6E59A05F5EBD9DFDA01997D36355E6E971A9306F8FE1146
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):33042
                Entropy (8bit):7.994797895923472
                Encrypted:true
                SSDEEP:768:AG1u4aRK5YQsiu1XL7IjKP5d0K76znsvYksWMK+pQJtVH9U:Ar4aRcY5x1XP8KPn/7Ensv3QpQ59U
                MD5:5B370564B2C016170C90EA1634BF0BE5
                SHA1:E769D623014824C1B6019C3C8F15C0284BEF7152
                SHA-256:59B3E319256680822A3D0F0788E786405D2AF87DB0D10F1D6F9FC9C0C6ED155C
                SHA-512:C3D9DF772E712E6ECE4AEA0D16C94CB1566D55EA757BE64902EB433D742AAB6EA59FAF609A7D603D102E74F115D162C3D497822496FAAEA492761527EA81CD45
                Malicious:true
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:modified
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\ProgramData\C344.tmp
                File Type:data
                Category:dropped
                Size (bytes):150528
                Entropy (8bit):7.996999133501547
                Encrypted:true
                SSDEEP:3072:mvWRZSHARlci9qhNrwpKMj/0svWRZSHARlci9qhNrwpKMj/0svWRZSHARk:mOReARxqYpBD0sOReARxqYpBD0sOReAO
                MD5:8DDE9335DC263F8CED3077E9105F2C93
                SHA1:6B8D1F5636F9C094CDD0FD149D537260906C3C60
                SHA-256:3B24E34B5D9C750EB75449302243989741F70D5B30E515226AD9E269CAD79364
                SHA-512:F5DCA7906369DE6408A96D7324EBA99BDED893A44109096AAF2C67A0C668B9DD2E9B0F3CCDA62B42DEFE88D3931723E4631BF6C8D1814731515AD98677A5ADE7
                Malicious:true
                Preview:.{_...`x...H........y.cuu.K....n..i..1..`.1.!^'.%. .8R.Pm.......9..+OpU]o.m..sF....B-{X..m..M.7. .....9C....cj....}..+..c..mN.}.R...^..<R.x,rg..e..~....}*.2.......j..pT.2.c$...ST. n...f;.....A.v..."..[...K.......>..]....1.2...mDT.T.|.Y..eE>..b:..E_}~.Z......vlk...]@...?.E.x...XtZkF..R..\U../..#.....S..c....7.lx..?.{92|,1%PE...8$^...AH..r..m...fA-.[r[..8...%_.N.\2.N..s...H.....eu.=..m........nu......Bw0...8.J..fp.)..s.sd.i.Q.'.qV.W..+.{.....D.\..9..XZ~S._......2e\.j>.|.........O$.p..V...L...m.|..N,!..!li.sn/,.........8R.E.Ho.qt....R>...b.|+.R./...nP.v.w..nX....GJ.=m*.%..6.3.. @.U|'.0."2.l7.w(^Y.l..3.g....7"....6/+i ...4s.k....h.Y../V....m.1C......6_D#.....Q....oI]_...^...~.o.9..)..F.{I...d..V......S.L.s#..[....T...g.../.7.2..6..y<%F?r[*.`...x.R.p....?^P.J0.V........?.!.>?.2......i9.D_...b...^WD......o...\R7..[....O.......e...O......S...............U.....IDi.o.o(...-.kN....Y.....[p1%-U(.LI[IE.CT...&...r........y:..J2..r.y@4>..fY..A.5%....
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.841171267092681
                Encrypted:false
                SSDEEP:24:k5Tbvapx/4JPuZ7f/gOflKjMkAcs5DDdQSOA6U2uD:WDapx9JNnvntRZL
                MD5:EBEE971FFBC3606D9BC4287E9C522A97
                SHA1:8E5B9058129A2DABD8861983DB8BE790A3B5C9F8
                SHA-256:4C743DDF4CDAAF83AD253A9BEAF6AFA36CA9B7FCE30B61B0465C792BD53C6F56
                SHA-512:80C5B0FDE0F3CE8BA61D78ADCBC92F6FE608E4604990B069CA8E2FB3175E692005E440730954CC589879877631F30B696AABE4BA293FE200BD2B9A8CB2C07A3B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1271
                Entropy (8bit):7.835990406395289
                Encrypted:false
                SSDEEP:24:fBuGpLtdoo9pbShODOWNqeOCpeKzsDPBgSTqxWQaOA3DKQkU2uD:gsHbcODRNqeTpXzs1gSTiWQaOA3+QTL
                MD5:EAFF588CB88F935C3EC4A84814DCCD6F
                SHA1:75A9756901C1C2FC4F14E0AB2E7A0AEA955C66CD
                SHA-256:F64DC0A483DF8BB4AB3EAF8274AF9289094044E8A85447F16FBE1D7EEE9D1AFE
                SHA-512:F27BDFB1845D1A9D50D7C363E94E1AACC09454E5D9044BE8D47EF1FFED2B0290473482655A98E623328ED1A14AFFFD6E8C706E6DC0CBB759CD9987306251D27C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1271
                Entropy (8bit):7.834690752229637
                Encrypted:false
                SSDEEP:24:sR6sfd3DMci33LiKm4s4uB+UlfIraU2uD:sfl3ob6pgr5L
                MD5:8121D819CEAC0BE13D42CB88760B710E
                SHA1:1570573EC287D8221A9B909442EF06EAEC5B43FE
                SHA-256:6CFB6301A0C7B52F7249E4698A43C897E37DB4F09B595BB95C10383D50795489
                SHA-512:693D19941C6CF473DDDC9D4A14C4425FAA2C89DEFB541CF307D94CFFCB89C8DBF7555DF1D72C7AFBB4DA9E1FF40D82FB40D093641517E78715BB1BC141DBF72C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.838883619294808
                Encrypted:false
                SSDEEP:24:1+JszbzFT7mH6dKm76j0tpyJ2jo4pGaJ7wKno+othoeftN3U2uD:Xzh7m4ej0tcsU4pwes5kL
                MD5:DFFD080658B0760A9B7D857ADF4570A8
                SHA1:08827CFCA0486D45C972B2FD361F67746B220CF6
                SHA-256:CFED57834A4CFEFB533181FF2B2CACDB059137F013E237D6327A3BCA13EA1134
                SHA-512:AD98C0D27D0B5767DEDF9E8417F06374F3429D9F5C8C244FB28E6BF81686D7DC417667C6AADC4FE1EBA386DDBD883952059FE17A602E2C9A5DE7E4B16073AC45
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1269
                Entropy (8bit):7.836781795935009
                Encrypted:false
                SSDEEP:24:XWr0Dad0cVfjIyeSapmbGlhOQLRAwU1FQpug9osdoxacmU2uD:XT2SuMpSUyGF7U1FQpEsd2aclL
                MD5:819A15E79F3946D5BBE13654A239098F
                SHA1:06030E95FDCA70F2BFED65FBBF6E56B146EE7829
                SHA-256:652E07FC06ABB7908FC0D6AF0D40127D677DC5FEC27E9B1C210261172C5074A5
                SHA-512:EDC8809EE2BD5B52D10A29EE1B61F9E3CED5F6E35202691856C3A044E8251DD2B66EA3BC4BED7F78B2EC0BF47FC9F682B8CFD8A79794BC01035BD57B4D1918AF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1273
                Entropy (8bit):7.8557233295251425
                Encrypted:false
                SSDEEP:24:P3GRRmKhKX4uoN5tOdc2QwNpVkqMVeem/mv+ZLHJR6+0LLZCe5xsgoz7U2uD:eRdhd7NbOdc2QEzkV1m/zZLHJR4LZCID
                MD5:7D77D82F0A2E40835F7BD7293B7F4E70
                SHA1:944C10E832E20F1895A83C2FB147972331BF9737
                SHA-256:BE478B324A7CB01A85761DB4264120A8532A6D871C1C857C57DD3EF55273FA75
                SHA-512:D81A6D7B8ABBAC61B59C015B809365F90ED4195597CD7F6050E99839E893747DF07EF9539AB2203B21B7A48D59A79D5FF4065A75872E05BC3BE95764A8F04F26
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1271
                Entropy (8bit):7.840834062320181
                Encrypted:false
                SSDEEP:24:lvP9l9ODaf88uD75zxRdl9CnYvlCVMZ3fndp7eCErVUI9l8U2uD:lv7kDaU8o7pxDfvlCVMpndpaCumIjLL
                MD5:27A6A139D1162372C1891431549C5897
                SHA1:15D43DF67490507F30815946A3F91D782D9D1BF4
                SHA-256:202767E7AAEABD97AB9C11B03D38982393BDE5821270F3DE15F4DC4FCA70D594
                SHA-512:6A5A09FC3F371D61EAA16619C38FF9F556B20976BE802F3362C7EB7F5E6B037EB4C0064B390CF6FEE9F05E7FBA96D3392CCE11E9D114B1CBA66043AE6C2B58FE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.834686125115319
                Encrypted:false
                SSDEEP:24:hp87eY143+uQa5lH1l43Gwjef9VYnhwgnAbCJcci+TAby3xIIU2uD:hpVY14OTa59yGwjef9KAWXEOynL
                MD5:478A01F35F85FBD831001E5961DA6ECB
                SHA1:B4F292657D01D768E9303705900055CD7680EC7A
                SHA-256:601771CD0F9327B260D2807E69F50E566C23980F4CB5926EB84BAF23BBB977B3
                SHA-512:9B690126949FA605F2B31EF2FEC70AEA3D2AEAF956FFD3AB43E20C6205F1B4D64739714D3626EC5134EE2F7E1B522D5B6D32A32E5C2431FFCE51BB892E9665AF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.8472117488028115
                Encrypted:false
                SSDEEP:24:Ju00Z5AnmZoUR7cf1/4rDMFiXCTyiwf4HXRnKg2jcU2uD:000Z5jpa4yYCGiwwhnz2jrL
                MD5:C8F043DC7B908D07A5653D676CE2C8B0
                SHA1:71B9CBCF1DA2847745D3EB0C5699C65C6A1678FF
                SHA-256:3059CC3382F9F4F2C1D4D282F02FF534379D069FF14CDA858A44620028D867EF
                SHA-512:AEDEB436D3E1C3AD620D8CC8F6994FEE73E1BC41E8EE18F143CCA52F0DDC66FDE65EED60CE0759B969B6F9455B58C9734DA3D3080F3F11F24FF73DCFBDB4E821
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1269
                Entropy (8bit):7.835127928527226
                Encrypted:false
                SSDEEP:24:Axn+6P/Aw78LUSWquD7qjycrD4Lk+1X60TxhigpUfpW3zU2uD:c4w2WquqZrD4R1X6GagpYW3wL
                MD5:DF04CECB6944AB99D8CDC8EC351AA038
                SHA1:36A7D0BE9DB52F990E945AD4FA9620945082130D
                SHA-256:7DA35CD2D37DF32CAC96298E9C6FE5BC4C1C52206D06FD342532DC409E429679
                SHA-512:40FF03DC15BB64900C956D5645BBD14D2F54A72BBA013EF36DB0A1425CEA29962C6959820151B2583A64FEDC793DBB795D7679FED3F359C91D079A13C5D9150D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.855000900575152
                Encrypted:false
                SSDEEP:24:hKCWXVCQXU435GFvcztt/MFm2GOWvM9F/hC3yyHKs9tBwIZIeVKyw96G2/pgKU2K:IJQQXU48FvcvM82ykvk3Hl9ta9eVKh6a
                MD5:2AC3F0E6A78F37E4AD219E5A49D92A94
                SHA1:F647F7DA92F7F7A180F58C3A07DF470285067352
                SHA-256:462187B7F1A84C8752E2A336451FA759CF2B70931612BB0F9D19C9A759F8CB87
                SHA-512:25F0BAC18551F9BF0BAC4A0FB53FA14F0A15DB7E3972341DCB63397BFB1B8BB33A447BDB88C66BBF9F4B7350E2D41DF9ED46CD8FC8AEA1B574483DC528BE221A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1269
                Entropy (8bit):7.827558324703763
                Encrypted:false
                SSDEEP:24:139julieRKAqh2QzRXawZNq7MKSJ3CivUazUsFOUkTU2uD:13NCieRKPXzKc3oazbFOWL
                MD5:819106BB8C996E4390F0F49C80772AE0
                SHA1:F712BCBB292C9CD388B7FAB811243938E54302E3
                SHA-256:7FF61D8DEFC757CC7B4D9D9BBCBA7BB1FC978DFBC4FA12DE3CD274D01A631199
                SHA-512:BBE4F6D90A9C094FA127135D2D2FDEB10CBDEEB8CE20B5BE4C1663625EF16F53A01C3AE1868067FCFB2062562257394062B935069F515E265C5BE58987725B95
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.86992070567633
                Encrypted:false
                SSDEEP:24:QETLPs2xaNY7d87OCVbYWSkyRc5mybyapGQXYi7PoQ9I+a9uU2uD:QEvs2QNYqOCV8WSTumyuapBPPb95AL
                MD5:9CCFA95AAC367142A049BB63032E0719
                SHA1:B73DBC0562AC0EFD4CED5539062B1E1506FEE7C4
                SHA-256:A9090D764E9F52FA5B2A9DA459E5B93C06673691ACE2DFD3F5EAC046365C5E39
                SHA-512:2E10BDBCBB96700E3A9F24DC2A0BA304D3EF2BFD9FF7EFAB7463D870EE109CCBE4CAF57F74C17175F917D4E931208E66F913F33F18BB615E8E0884E55A16B106
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.840057741165425
                Encrypted:false
                SSDEEP:24:4myXL4kw93UNJwNmRSk5vRs6OkHxj84ZWZujvDo9DoZaBLv3U2uD:s74keUNGNvk59PI5L4L
                MD5:066755E3741DF6036C13BCDCF92181DF
                SHA1:1DED53B8BE2C7F9A9AF20F37C56DB630FEDEDDC8
                SHA-256:33361083B6C3DB5647DE4F5B30F3288975159AB7A4BAD4141220BC5DE5880B30
                SHA-512:957C764CA401EA384A1794BE8F1CA7E7346A777FF21C41508CD3D42E5AD026C3F7EF20A69B8D7527DCDD2219380AC80ABD8456EBB71C8E6432222476C3DA898D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.844438973316698
                Encrypted:false
                SSDEEP:24:dvGzcqXB/oJ0Bpw+EU3GJyqSrRUI5XUm9pCekowsAh4Ea2U2uD:dmBw2wSo4UQqAHAhSL
                MD5:F593B4DCE6438E2D2D0512C3DAFF53A0
                SHA1:5B32E57B15301B963EB4BA82A358D33E5A75FBD6
                SHA-256:C6382DF1FCEB552BEE9D557789B1B2AAD272B9127F1D3071BA9F62E3C23A8FEB
                SHA-512:142F85F2190609EF1379DF114B3DD921B2C98E995C9998E929820D7C63A9472859AEDD51FD96589BA5A38295249C80546CE0BC09E923ECF9E2384EB56FD30BBD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:OpenPGP Secret Key
                Category:dropped
                Size (bytes):1271
                Entropy (8bit):7.845728047318096
                Encrypted:false
                SSDEEP:24:sLmCxTBqSexdkpXVM9TKM46SoYvlAqRApERIy1E1sx2i7C88SlU2uD:sLhwLgFMMvvvTRApERIy1htCSKL
                MD5:F7A52A4BEABA4ED2F31AF6442DE8DF8E
                SHA1:D554DA0730E6642BC19F98EDC7E085F66BCA94DA
                SHA-256:BD6DC8C5A790FC6D3E3EC4C45A60395A7F69D4824AC13C7E61499BFC3BCD6E90
                SHA-512:EDB8DCD755814E96FCE9EC6D55A8D350A0F3B4662923E67DC13979393EABC97A5797B6158F1265634347639E97283C6FCFBF76315E60DCA42283ADCC65B169C9
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.84602945803654
                Encrypted:false
                SSDEEP:24:CBG0CjqEbJKIeDQUsMN0Yk8AabcLX4n2KsqbUs5U2uD:aG9jbkjMwK29sqQsOL
                MD5:F9D9886E7A929AE1B1C820780D759CF8
                SHA1:7E9E4D0F68CCDCCB1A7D446289DA2563475B93DE
                SHA-256:EB5EDE3413B539BAA52350EDB2FBEBD9AD4FCE9DEF6C1527A4759FA1E26AFCB4
                SHA-512:8BA6B412D919A96780B3AA02A9B6241FEBB5826AED3A80E125AE366D0908E4DFCC3BAF54E405F27975DC04428F7A1AA907C3BCB3FBD98F831E400E05318B3B8A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.8450740477761265
                Encrypted:false
                SSDEEP:24:y5Nq/TRkxal7x6W0iNwkVMvdvD1+rUTGD3wPMtMFNBXSaJNdDqUFcU2uD:yy/P5KF1SLP8SLIL
                MD5:5336843CA0B8761C763F0AB2514D9DD4
                SHA1:815B93BAC845E94125219092082A700D2DBAF554
                SHA-256:013A4F29A84ABB0C1A7ADEF60B4500DEFD027FBC649237E7654EE9C0B03429B4
                SHA-512:04B0D5B857A0EAA55D516CB76B5E172853441F27CBAA52B0F6930685D1683D3A275912AC7C3B551147524BF18A4EF384288ED95F0A04D5370673CC13BEED856B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1273
                Entropy (8bit):7.864922237111584
                Encrypted:false
                SSDEEP:24:3raFn38fxwrpUn+ixYTcUJqlsoFaorEgXURBS2hrF734+/dkVWT7hiCuQFW4U2uD:be386m+zTcUJEsoFaoQ7JJ7dkNQFWXL
                MD5:7C758CF3F1B9C0AD701CB9902100C282
                SHA1:EAB3FA1A3E66AE9FAE53F1E1F726B96C455BEEFD
                SHA-256:6965BE69FE223E2015C1F4E353E2767C7111DB932FBC7A5523D03A87867A98B3
                SHA-512:D638914DA52ECA489B2CF112BE80940E7B608C3F32C6CD898060C6959119A92EB679955E341669C7F48E16FC789550F3C504FAADD456605CEA32BCEDC45E2875
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.847229538889347
                Encrypted:false
                SSDEEP:24:827WpNJc7SKekEsXfOVZ/8QA27FnDZT8RN8vc+xFrTLgDjz4r6LJU2uD:8fpwDek3mVZ38R89xV2ziL
                MD5:369FCC85EAC3D71F3619F0D9393D53F9
                SHA1:2BF138C8D2EAC15F1BE042D82CF29FA2A624BFCF
                SHA-256:2C814FE52ABDEFA0564607C9933D44220B1AD879DB88F93339CC78CD2943FC61
                SHA-512:9DDF5E0201145DC089A004EB10527A52F40687BDD4BA0859F3D6EAB9303A84370D278BD5D9A6745828E9FC8144EC261D28CB5ECB3F866B380697DD1CD6C11D7A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1273
                Entropy (8bit):7.861686175881721
                Encrypted:false
                SSDEEP:24:IXuw2sz6tHdWgPfm6MgFabs0K5I80t1iY4RiH09MW8Nw4c4U2uD:/szWVHgBbsNHO1iY4oH0KnCL
                MD5:BA61DDD7DC5917DA52DABF3C0A55D025
                SHA1:E45D2090D7B90A16C8DC93DD17D3DDB0D06708FD
                SHA-256:4CB76E702404009D26087146F5ED8E279999995CB8009736140225D36CFC15D7
                SHA-512:2E1A3D98F121CECB45E6C79F22E464D750DA6AC83FD9A02EF724391981A701D0AC402981666DE7E68644A75FD85584A35CFDE35E5D7D611435F4EC02738CE23A
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.8529242933821815
                Encrypted:false
                SSDEEP:24:MSmPPWyA02YeG1wnUzZ7AxjeaN1bk5s9OjtC3/r1qOLq8tHy0uVb23xdVU2uD:MbP+yyswcgPSJJwEOLq8tHy0uVbTL
                MD5:5B85147B42883A5CF8EDC032C5C1DFFB
                SHA1:D47BB643D6D6187231F61ED0ABEBCEBE69818463
                SHA-256:07ECA565D11F3EE01EDFD334222F6078378941529CF3CE3889D4F3B58D3A42AC
                SHA-512:FA20EC72A2F08F45F29E5CE013796C4C6A1961A8C266DA94CA37EC804A168400D2EE443956EB4AC1C8902BF3FE89461A15DC2B780A4273E480C478AC29E0F9DC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1273
                Entropy (8bit):7.852230805722264
                Encrypted:false
                SSDEEP:24:iEmcXHUbtjFLnjbL4h7hkLOT4u9lPQQ8SJo6inCz3oaRU2uD:iEAh9L4Hag44o/nuZmL
                MD5:D7B13B5342023300749783985A053D42
                SHA1:A0EEE571A279E6FF12ED038F7DEB5258C51CC453
                SHA-256:DDCE666978B4AD26813B7BE246BCFB81C02FA3593B3957AD55FDA25F16DABA49
                SHA-512:E5A0ACE93544D0129827D99D5C353823EE0F4D8D7274F42B4C1DFC871DC1C3AD0F321ECE94C2A600047726F5126EB5CE65FE86AE44AD6305587E77F76BF72E09
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1269
                Entropy (8bit):7.850016950175674
                Encrypted:false
                SSDEEP:24:Gh6Fie1vbeIYHFnhQQJdHjcW54mEF4QwZ/u8JCUfpObH4vrU2uD:GKdwZCQJdHj1Y8tuiCYObH2oL
                MD5:FBE580C3B6E39FEEADE1AD1B4BCD24FC
                SHA1:83DA7901FCE0A5221505FE1F56F7EC72E1797D13
                SHA-256:56A1D468AA31A12BD14141C727930EF19B97C433673781E5814EA295044FAF6B
                SHA-512:590C725CE15D76A68B06AECBAD3F01A132DE13365EC5E4BC4642447D8D52F4401417693FF514BD28BB06ED7B3464307F35DBD46271F581E61475ED1C133D399B
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1271
                Entropy (8bit):7.855188781410302
                Encrypted:false
                SSDEEP:24:XzvHMTRvaNhtBKO2Rf24vdjt1J2kQwD+YLIe7L9gJv2U2uD:XzfMdihKZVFjtikQSkj9L
                MD5:E8656AA2566682C9F1828AB175ED890C
                SHA1:EC862A031FC45DBE49137D8C20F9FFD97652C237
                SHA-256:D42A10637CE64CEE92A82EADEBA7A3FBFF298933DCDEA05E3A63D2C1FC099C36
                SHA-512:6B9D1CECF028379328DCDE0EA371FAF42F361C9CFFD2FBF4F654EAACECAF60A3618327AA42070406647553382FCE11034917D5257C95576BFFA38BA847B464EE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.858608922366517
                Encrypted:false
                SSDEEP:24:aASoULuzSfIIoZovXWE4JJjji3RTXKTNPstwsJTwSeqrVCCeTttOsHsXU2uD:aow0SQLZWXWEsJjjS9aTN0eIBrVklL
                MD5:364B1920150344DDD37E4F9631DBBD1A
                SHA1:D30F1F99F30539D1B887786FE3E370BF9E8C3CD7
                SHA-256:908EE9267E59B71B48141FAF4AEEB0DE2D5744176F402D263BA3F4D25BF1D836
                SHA-512:E1A2F7ABC9EFF6FEF7047A007976FF4691F48497FF80AE7A2E07DFAC951D451A5B6B54EF0ACE6BBAF20FAA4375B5A39BDDBAA2C01A73EFA13864980323B2BABC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.853347734617999
                Encrypted:false
                SSDEEP:24:y2WvkarVnXlAjjH3l8lUZDiG6UK4xg+rT6xrFnpbQ4ziKiTCxFFaU2uD:lWvkapXl2jXlDZD96UJgi699mA/cAFrL
                MD5:BF8BAE5EDC0C3D194A5591824C06630A
                SHA1:B0A35007C7AA7D12622F5AD101C40D6258719767
                SHA-256:E07A792AA0A3953C2EE97E29A09D5E66989DEB60446EF5CB343077C519617CAB
                SHA-512:F93894BAD2A5F88FCDA8C07EB0ADC9B189FD69D41DC2597CCA1A8CA69EF0F88A522FECD9FD8FB1DFB1F9CCA5714EE40D678C64C02D7894B19D0FCD2DD71425E5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.844213442943858
                Encrypted:false
                SSDEEP:24:8r7wnoNB7HVTxE+PW61pi2fQ0ONKppLzLzqTUQgoYJKVtU2uD:YwnoNFVxE+uOpi2/ONKnLW8KgL
                MD5:2AA229FB4243CF0B0045206AF200E52F
                SHA1:1C9EEA79C6BA388C6B6FB9DFD6750CCA3FA6B44F
                SHA-256:FFA0A3E9E206A8B48232EE354535B745FDEFA3021A72E1A2FCD44DC8E994EBE9
                SHA-512:CA1F62BE34EB389BC07ED1A8267FF68C579A92AB2808263BC2838BD49AB160BBABF0357C3CF8BF32D4777BB2AF65692803C210E2E56841545B379265C072D729
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.8356171056122
                Encrypted:false
                SSDEEP:24:GEU+3ZC8eR1oZPi5ME1PEt2FIqplAMUW8JcQ65cLpSrIMF1O4Eamal7U2uD:O78wyZPiKV8FfPqc9CmWqiL
                MD5:C5CBDE6500BB64420275F4EF1B9416B8
                SHA1:98F6D193386CC95B3A9AD421EC12A34EC6EA0168
                SHA-256:4AB7532E1744E21C9DBFE593A7D10CF08088F5FD71B626A65F0EBDD4EE373E8D
                SHA-512:9B2FC114359069277DD2D8B916EF3C627B4471DC05FA48D56B4804DFBC60BD7DE17E6C813B77B2E8B17273D8B7800CA87A89AC4E1EF3F059FC49AFDB36D5DED0
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.849213401798816
                Encrypted:false
                SSDEEP:24:NjZmhi1jEXJAhwo8rTiPOn28qPP6d/mfWmsb0ZeJE/rs4fPU2uD:VZmhi6XJUl8rTfnsP5fhsOdEL
                MD5:C551C1BB9A7A954693F3B7A753DDBB11
                SHA1:1D5D8F7B99ED6A5FDDAEA6D2A50BF23C69311392
                SHA-256:EA712F020CDF65D7219B9E44EE5F26EF4709E43B7D40B28614FD049D1890B0B5
                SHA-512:196A98A49A89FC80F5E25B276EB6B950F9CE32E236C04BE3FB7913276FDD4D88F801DAF1BD84305736EDD06F290CC2B3F5CD9D781EC872C95CE5D5F3700076BE
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1269
                Entropy (8bit):7.863976625297474
                Encrypted:false
                SSDEEP:24:90+pXsS/3xApYuachcZs1oG7B5VOdMBEyai5DwiOyy7UsFhIU2uD:90C1/3GpBIsFB5VOKBEy/5POywbFBL
                MD5:44B6598FB1F57CF8AB174B9F1994CF1D
                SHA1:4CED1C6BD829D89B4D83D39498FDCC09F2AE8C38
                SHA-256:5B835CEB36A6C38D47FCFB0D62B71C0F53EB31979DD8C1624CCFF3030F5026DA
                SHA-512:BC0BE98F2805C3C9F773A671381FF59F18CDD3BC413676E4C672CF064605935FF067AB7E8DD33CD7B197980CF1DD6E45C9886D4916F3502E12A0BA6122D9B8BF
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.842365904340975
                Encrypted:false
                SSDEEP:24:MaXoX6KO+Eb2lAwKsybi9TTpuclS0DIdXdhmwXiS2sbLYon01O07sfGIU2uD:eX6yE0Kri9/HFGXdhmu2E8t1/wfGnL
                MD5:C9852BD3482E97361BB7061CFB440A3D
                SHA1:BD7454A8BF2E9BCDC578B071F00CA92F00F98B2D
                SHA-256:FFFD9DECF7F3A62D8391FDB8120BC4C52B4BB4658E8E0FA1B279FC0A8DCDF451
                SHA-512:C85615A4886BC65DA448CEF661AD844CE3E35C4E9A0D4DA6351502ADFBEBB2C88C6D1A71D2E09C6965B2099E06B49005E58B1AF9E9DFF02A893DB73D0F032D7E
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1273
                Entropy (8bit):7.837869023763702
                Encrypted:false
                SSDEEP:24:+jGlQelW5QMS4t9P/q1It2RtxP6LueNBStibdoPkFrpzcEmoU2uD:XlQQW5QMb61cQ6Lni2CPCr2fL
                MD5:BC5738E5C4C7FFCAC00A1783E0660BA4
                SHA1:5C76537B172563CA143AA956A87E89E711D8BC88
                SHA-256:3D40958B8DAE5A177B32036DC4546C96B04437B251EC6C3410C88A5BBA09E473
                SHA-512:E5A2CF3C1BF6A10B48D9739C0145FDFBABADA45738E76B772F5DD6FBFE2977F201774FE02A6A7E6CB13D146490F5A0CD2D2AED403E87BAAFD46DB2EA04E137A1
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1269
                Entropy (8bit):7.83185816706071
                Encrypted:false
                SSDEEP:24:mRntfwsGcxVVN7JhpPwo+KYV7zx1qw6TzDwfueV4+lQvYaKoHU2uD:m/fBGQvPf/Yaw6TzGSgaKo0L
                MD5:CC71DD1EEB911B465F4522E98F77D5AB
                SHA1:316D72049E8399460FA9803C72B77276F6CD7A74
                SHA-256:0378337092EAD611C2022C1D15DD8BA545E058E50608D96E9694D45FEF78A67C
                SHA-512:E4B9F6E49D332C6401E489C790CCBA51181364DF91EF3E5A87F82500F43B32A3CD83C00B430A225A56C39B82B4D8B2C3D0EA62947651F8AFBC9D1918B466172F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.841031155673506
                Encrypted:false
                SSDEEP:24:nmRzSe+dyFy8rigAaI2DM7fLXrdq52NibJPBS5X0U2uD:nmJp2faaTXw2SuL
                MD5:FCA736BBE5DC88447359810BC477E63F
                SHA1:018D97CE86FDFC2133F6F97C7D268D09DEC273D3
                SHA-256:E689DEEF97D1ACB7E125EBA8225B327E203B71D5984BD8D136A18F77ACBF1B52
                SHA-512:3DD04E631715305459A33F4B407894840F0AAB17025C20E67B09F72B7AD328ECE2930CB586A569A5CB99B283275B6ACE835F5282E8C5A33E94687E4B07CB517D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1271
                Entropy (8bit):7.845083378635903
                Encrypted:false
                SSDEEP:24:CPSiK04E04qZhxQ0xKBvw13p2dNkwSZkCJvCeL2UJ8SUX+NCU2uD:CPgEVqFQMK613Y3sJvHrKSUX+NhL
                MD5:0C91C7D24113F6FB95DE506DABAAA1F1
                SHA1:72A88EEDBFABE69F84C4B81A09B04692A9244202
                SHA-256:9BEF57A79B6FD8D2938321FBB63CB6993CED6674D5683307D94A7BD1D2197198
                SHA-512:C8C2FDED8983A2DAA2F39D85D9DC08BE77DEBC9135432FD61C55B4ABEB3C36C8D08F9DB5E4E5EF589CF115FEB0EE56DED2C92D088F01E2103F1788F4A475FC4F
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.832329623982025
                Encrypted:false
                SSDEEP:24:jXw2Wk2HTtMck/AaUfKCzXRH59bWfFM4Y3+sXM/4D6kaSCYVSU2uD:bkBKcYpUHzBvbWfF5Ys/GxL
                MD5:973B77BE5E75EF0C7556A32B09617B86
                SHA1:5F6783B8942CC85D15E6C42F248F31A91CAABB70
                SHA-256:142027786D2695AF00CA9DD1E635ED489AE3B210281C68EAC678FB9C26763AFD
                SHA-512:F2F777F3E60F7694EEF7C51DA9983B38AFF21427CCEE5C6914A94945763137F8C1DD93789642A6BAF4889DFE49180F59237107BCD4510B4F856969B2112EEA37
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1274
                Entropy (8bit):7.8459292450061655
                Encrypted:false
                SSDEEP:24:fQP9UQid9Iay4aWhjwrO+oNPfoDbgUZ/b9Yi5gCKj917lmYn8fGWEvU2uD:f49UQiNcORPi0U135gCe9PN8f39L
                MD5:1276F87BF5F5940327AC3F0E6D679F73
                SHA1:1EAC3E479783EBF36840D3D36AF8854C58CD4D51
                SHA-256:F731169A08FF119BA292E3C642890B6CBDA6D2140A532CC680D68376BD4BDEE8
                SHA-512:DD9EFC7C07218C40AAFECF7A932A843906125F7272824B127C6BE073E5EC75E811C56330BF67144CAF632BD56A59D4612B40DD08857216403F08247D88F6104C
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.833636521344777
                Encrypted:false
                SSDEEP:24:4YVy6Mb5H65wOr5BCBSKp3jb/so/DX7PXH1pvHnCU39UWLZP6nKKsTMU2uD:4YVTMtR2fCcMjAo/f1Bh9UWLZCncL
                MD5:4D55D22CE1145BC3F9B8F34C1B2FEDC5
                SHA1:D40BEDB04E6CB15BFB30FC593C8E3321D3D4C289
                SHA-256:36CC6E5B757309B942C42F1631C95BD7014498881062DA35BE62E18748B29F79
                SHA-512:C42C4AE4F0CC089F0F1AAC2E7FAEC5ACA544B1D63502D84F4D0525AD51C6134FC4AE2C0D815B4AC2CAAC7669EE78D44D6D5A968E7670C1F7DDA74E4EC214FC75
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1272
                Entropy (8bit):7.855066761996614
                Encrypted:false
                SSDEEP:24:bLluk/W7japjVyjBYUav40y1h9jvXA5efOWRPrwswzaqLeU2uD:bLl//WR9W+RvjfOW0bdL
                MD5:EB540E57BDE46B368E23CAB906F96BB2
                SHA1:753BD79B81D3B50655C0B2C5B67811069007F2F7
                SHA-256:13A559E572F0B3DFBF125CD519A72FD342D1EC18B34BE0574D77E59669B47F04
                SHA-512:E21CAEDF55AECCB18A9DB2788AC51328EA1A77486E9FCFEAA746B32CF666299C9A673CBD38837791A8913744EF7466C3C648615239A248EA8908F740F53459A4
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1273
                Entropy (8bit):7.858068944968305
                Encrypted:false
                SSDEEP:24:BFP5axWqytDn3ZllHoCWtxd3wGv0nt9q05GIsh1ZmBJT9ABZ2BiEcVrV85xnU2uD:35i86CWN50tomwyRu0bcIjUL
                MD5:7A568DEAFD6845B535BD66CB050CF0AC
                SHA1:F61DC665521518613AEF13EDD4FEB8628E73E80B
                SHA-256:15B1FDF40CE1641656C129615814DD19A367EBD48632193BFABC4BC8FF5858A9
                SHA-512:7F7939B5B5EC3ECB5787A8C87B8CB66092B0AC6E8A15D2575FF5CE87913F79EAA607F041969500ACA400648E07F9FF8D5A5D541D16129E8F6687D902339F0D88
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):7.838192702548294
                Encrypted:false
                SSDEEP:24:zQiiGtZdKjiv76d4isRROjgCrVymnDT2atSoR21sgY6/pjOfvJ/5knPoU2uD:PiGfMjiv724FRRCgCrVZgqft7LkPHL
                MD5:D45D92ECF9007DDFBEA08FE2D74F639F
                SHA1:5B8B590CDB320A3082EBAA1C942FF7EA3CF7F05B
                SHA-256:1E0B0CAB7C92978168FF7C9E76DA65141A5EA8682C94DE5481DFBB4AAC460B03
                SHA-512:488CB60A4CDF94426B98833336C49E8369D26C8E90E56B64CA091E1E7BC02121B8E30050FB37D096BDAEAD9A00052CF4315BAAC3FC6F782E06BDDB8221B538FD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):344
                Entropy (8bit):7.3939388219506625
                Encrypted:false
                SSDEEP:6:ePri9G5QS5RdpuB/lUhbMb55kEC9oMSgENaTBxxi4sJakyHDttjL45YM6yJ0H:T4A01M96B9o01fit70t25YM6yJ0H
                MD5:24B0AFE763153AE18F71D9E59F5F5F2B
                SHA1:3A8FB1FA3F68AE05819255339E37713AA08DFF60
                SHA-256:2F0C960A11B79F68809584B21614B1378666C74F22CF9FE0D04590DD3795CE99
                SHA-512:A25CB28620E08E59836B71866BC16186E99B6B5A2DE0D6A9ACFF47B0EB3087DA0C1F67D32AF60FCE7DFBC35A57B391D76222FD800D91F39736F2F6D0A3FFAD77
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):350
                Entropy (8bit):7.396249067458938
                Encrypted:false
                SSDEEP:6:obHJWr69N5tRx8fO6rBL0uvCK67bg7oVVEZ7P61ZJ74sJakyHDttjL45YM6yJ0H:yW+9N55l6rgndVVEZ7CTJ7t70t25YM61
                MD5:EE32243845DA667DAFE8E42B503FC854
                SHA1:43B2BA5137D27D7C7625A388376FE16B26ACE964
                SHA-256:2016F7295E843EB87AF46F146857E96D2CA89F2A3CD5239B7DB565D694C451E7
                SHA-512:136C8229D9DF916355878AD4AE299A55508805E5E07CC2E75AD03532EDB7EC58F288CB1CE27BD48A37A1828303CBD8BE48AD54C0CBDC52958887B70FE87A333D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):350
                Entropy (8bit):7.362037157598834
                Encrypted:false
                SSDEEP:6:O6K/s/Q/WQNXfJT4j9Lof6HaJgzV8F8Bp4sJakyHDttjL45YM6yJ0H:/K/sMH1fJT4j9E0auzVO8Bpt70t25YMg
                MD5:7272A70E7818592C1917632C1C8F2417
                SHA1:C396B948B1EAABD81D8439811FD6027C1C675636
                SHA-256:5F6FE5A2EF64195A5283851296FE41D1FBD5EAF24BE4F14B10E12080FE0561AD
                SHA-512:2894ADA111A863BE1DA518C31BD1CA3E481B2CBFCB5DA3DE1AD2C82EEBA89C35793E11029C095321A1BD53835BFEA777C87C5403DF2F5EF84EC939F9EDB1BE1D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):355
                Entropy (8bit):7.39217055960315
                Encrypted:false
                SSDEEP:6:TanjLu1OceB9wtn5hCue8NeoRKw+wI6IO4sJakyHDttjL45YM6yJ0H:2u1ObL6Cue8Neocw+w/IOt70t25YM6y8
                MD5:FB8DBC7C721CD863D1918D23442F65F1
                SHA1:518FD45ACB5D28F395E147423A9240A33F2A6B21
                SHA-256:0BB41A1776DDB3353D4FE75CFE3C2D8B8337B51657C02EC5B39CD516E7897B78
                SHA-512:D5A37383FCBE8F0B918EA6CC492E5CDA7A768BB935DE2CC364E598C9116DCE2AE86D0860BA5D947A0AA191E07EF23513D2919476511A51DF2619078EA5FCF494
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):356
                Entropy (8bit):7.37671662198036
                Encrypted:false
                SSDEEP:6:GjDEanCKVxScKENSyT0TKHtyvnrZ04OO4sJakyHDttjL45YM6yJ0H:G/EWCKd5NSyY+cvnN06t70t25YM6yJ0H
                MD5:21E37AD4980388952B3190041B893F2D
                SHA1:BED57F177BDC86D188DE6E08BE885F83725E4F93
                SHA-256:BB2D9BE8206D1A8EAFA54F7C08FE530BA006D854E3D0D9FED611BEBE97AF8F82
                SHA-512:C7AEA1D0682FF7401AFA7DC558B34EE62A1A54A6DB5F0ECFEEDC231C7631A568A9774ED4A743C878C1AF1BBAFD32D8BC3E4A704F5ADD630D90B773175A43F4CD
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):347
                Entropy (8bit):7.395550147963864
                Encrypted:false
                SSDEEP:6:5JkKfCGZWYQ9R72QXsDmoZKHpZqzrePWn81/me+VQZpLbv14sJakyHDttjL45YMg:5JPQrsZwHvIreun8ZeVKhbdt70t25YMg
                MD5:FF590A0692382EEB8BE80EECBBE5CBDF
                SHA1:1DE8333FE4C98FBCD0389BCF5DA1D4B2B78F6F26
                SHA-256:598E379C34E3A6A1F32CDA2699778E6501D7A59BED9D6479CE46031E9A0A30FC
                SHA-512:AD46CC666D27456C7FAA2D1703E8054F09138A7EA39F9E454165630937A134273CA92EF86FC340B9E1EE8824D55C11528CE7902DE51353836397876C671541FA
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):353
                Entropy (8bit):7.372795859184745
                Encrypted:false
                SSDEEP:6:eWwln+O/oShmfSUWqic4kq2u7SkhsQpqH9Z4sJakyHDttjL45YM6yJ0H:TwdjorjD420SkhjpqHTt70t25YM6yJ0H
                MD5:42C54B3559AEAA26C2005EC87B36B3EC
                SHA1:26F5565464016F196EED836B0122182B8B877A09
                SHA-256:1A4FB3A7AB385E58F1CA1C398F3DEC845604E7DCA1934823C3DCD346479556B4
                SHA-512:297DDC48070B103BF57FC6BAB581DA250CAE4394E9C14AF68789DD2BC7BEE5634B77EB1AE2A018F72CFBBCF982B9C13C45C48B0507E74A3D1A6120783C6C1B62
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):349
                Entropy (8bit):7.364372893791949
                Encrypted:false
                SSDEEP:6:QdX4rsEDHq0LcDuDMA8RIplIK9Z67kIzHxsEL7rdW8kO4sJakyHDttjL45YM6yJm:+X4rsaClAAIrIKils2tt70t25YM6yJ0H
                MD5:852B450D4DC45FB7FC2FC51C2AE62113
                SHA1:7273B5641AED3CB99749A1CCA28AEB5A8489C81A
                SHA-256:7EC1EDC242916BF0B3D92EAE6FEB4F5064640430F99DB55421BBDCEC39F0C31F
                SHA-512:22F795065A83311E8567C9EA216E29CE2756F274E4E654B15E4C347051C29D90B4FF67B84080C74D6FCA27FF74BEF41A481C212AE15D4B909D063ECA64BC7BC5
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):443
                Entropy (8bit):7.533610865103186
                Encrypted:false
                SSDEEP:12:+Vmvxo93XS42VzsY96BCjeVfnsGt70t25YM6yJ0H:dvxo72VlfmnsyU2uD
                MD5:614DD389CB3BDF80A10B6A3BF3DC67A6
                SHA1:44DEDF2EB9F36944AA42D922D20F23AF173255DD
                SHA-256:538BD574C85C0B60EEC5436E74490A8D94FBE31D40AABD0D13C2AC7F6F23571C
                SHA-512:FB0A29DA5399236D9057C51DAB36A5E38D2BA9B2833723FD66134F971FDED98C6A9A977F442AFD77CD4EC22AA6FA811FE6D5077FFD41CDDF3F94F917E7431639
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):350
                Entropy (8bit):7.427336451805332
                Encrypted:false
                SSDEEP:6:s4W1oL6W/YWM5KZV/fI67hu5oqrsAf9O4sJakyHDttjL45YM6yJ0H:sb1oL9VF/f/9u5ow1Ot70t25YM6yJ0H
                MD5:132FA313976BE4063D4DACC252EC20F9
                SHA1:88B4DF05021E63D9F7CB1F9151140A556061B82A
                SHA-256:06543CD7F12BBF6ECE8981218D15BE879832A1B6A34A0C17C0FD3E828AE8B4B2
                SHA-512:1719D37590CAE258F7516A351E9ED6BD1360B48C7552620813FE86E7F792306C47918FAE9BD1317DC7AB5C4A768D1142966F0727F00916F1CC44F6B23A6AF364
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):239
                Entropy (8bit):7.081671385473804
                Encrypted:false
                SSDEEP:6:/u/6c11aMCD8DSTp+phXoi4sJakyHDttjL45YM6yJ0H:/KaMCtTpoXht70t25YM6yJ0H
                MD5:7F14E5008B3A03A7961AF20EB3E006E5
                SHA1:47B31F48592B612971D04DBDE7F7538392F5AF89
                SHA-256:541EBC370C5F06B83EC735A0556181D84AE2A1377411E978EF5B3D40C19BDE6F
                SHA-512:920C8F816E05499DC92FB618765F7223F464F55B6E504A0711DA0C09783190EAF9BE28183319573E68AC64D650FB6CFB8C873213FC722233716BA2F76EE6EBCC
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):1173
                Entropy (8bit):7.820020528992338
                Encrypted:false
                SSDEEP:24:absKTw3UZ2PBiKl8k5x+wmVFNiIBlUP55KgpebDhU2uD:mwkEkKlF2wmVFx65w2ebD2L
                MD5:47EB8B04F0DB512B8BE046FC67347273
                SHA1:DF8E147D7E3B74E58C84BD9279CED4C588BEA02D
                SHA-256:CAAEFD22670147D23781D520B2B13F0E08A4A3104E393AD7E2AC6F5346B5A013
                SHA-512:B05F9D4465E288322FE3055A8F2F6F415C01EDB66A550ED03B7A32F08C368937B06F85332E54F91FE5D06B232A83F169F60994E0D4CE2F709555FCDC3D59941D
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:data
                Category:dropped
                Size (bytes):239
                Entropy (8bit):7.050141650941214
                Encrypted:false
                SSDEEP:6:oTd11aM7eyOVowmiV4sJakyHDttjL45YM6yJ0H:oVaM7eswmiVt70t25YM6yJ0H
                MD5:B2CA09A0A7BBB56F03E51EB2C4C9BC19
                SHA1:BF1512741BACA4E3B61219FC4862685ED65D7C7A
                SHA-256:C7ACC78A470C76BCC0E155D78E75C740A5E39BCB7FE8B38173E1518BDE7D66F6
                SHA-512:0C56919ADD7DA1A901E9AB96744F26D976DCBC2A9ABABB833C45B9484C95F8F7D5598D1A5E2F9CB9E17373A4EE57C20B965DC5B441953B2D13543E0A87137C06
                Malicious:false
                Process:C:\Users\user\Desktop\9gGB296kd4.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1270
                Entropy (8bit):4.689392938533923
                Encrypted:false
                SSDEEP:24:5mVmHfhSQ8jUJmbEhDZXJBmF980bk+wSFuA3B+ikUToJj6J:5mV/rjUJUEhPBmIRS9CUk2
                MD5:DEB2E0756D331362D57AD9FE408C4FF3
                SHA1:870865AAD7C7CCCAFBCA0C1F50F7EECAEDBD4BF1
                SHA-256:1DDACEE1D25936970279557169037A335B362F86C3797DED625D68077BD0145C
                SHA-512:E218624D2704517A358DF0DFB794116BBEED3AD81DAAE8C07D5D969E61E7936ED043911008F4816D663DE373FD23515219C8038DD22E5838AF7DF1678A0134A6
                Malicious:false
                Preview:***..Welcome to Brain Cipher Ransomware!..***..Dear managers!..If you're reading this, it means your systems have been hacked and encrypted and your data stolen.......***....The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours...In order for it to be successful, you must follow a few points:....1.Don't go to the police, etc...2.Do not attempt to recover data on your own...3.Do not take the help of third-party data recovery companies...In most cases, they are scammers who will pay us a ransom and take a for themselves.....***....If you violate any 1 of these points, we will refuse to cooperate with you!!!........ 3 steps to data recovery: .. .......1. Download and install Tor Browser (https://www.torproject.org/download/)....... 2. Go to our support page: http://mybmtbgd7aprd
                Process:C:\Windows\SysWOW64\cmd.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):22
                Entropy (8bit):4.004886164091842
                Encrypted:false
                SSDEEP:3:otlbRRSVy:otTsy
                MD5:27B2088B653F5584652DE0C888BC201D
                SHA1:5BC5CB7583E909BF6887913D8EDDC3C652C61159
                SHA-256:CFCCEEA98A4CB0D17B93D8F0F78EDB2629A28661FD3F62B515A45F12374C9ED5
                SHA-512:8CF0315A3219FA37DC4A06DA2D77182B344A79300C3DC585AE2A01A087EB31BD9DF9A7589C9B18B2E0D19CCF8DCB42A131A10BC239826E1C6DC2F3EBC1F80A29
                Malicious:false
                Preview:C:\PROGRA~3\C344.tmp..
                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):7.215345347686686
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.94%
                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:9gGB296kd4.exe
                File size:150'528 bytes
                MD5:448f1796fe8de02194b21c0715e0a5f6
                SHA1:935c0b39837319fda571aa800b67d997b79c3198
                SHA256:eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
                SHA512:0b93b2c881b1351ff688089abf12bbfcff279c5d6ca8733d6d821c83148d73c85cfedf5ab5bc02c2145970124b518551db3a9fc701d8084f01009ae20f71a831
                SSDEEP:3072:l6glyuxE4GsUPnliByocWep0yjEJ3hDRMK89nB2:l6gDBGpvEByocWeebbMjV4
                TLSH:52E37D21F252D0B3C83718F53B36B572F39E8E2C29A96847EAD80F59BCA48231F54557
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e..c............................o.............@.................................~.....@...........@....................
                Icon Hash:00928e8e8686b000
                Entrypoint:0x41946f
                Entrypoint Section:.itext
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Time Stamp:0x631A9665 [Fri Sep 9 01:27:01 2022 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:5
                OS Version Minor:1
                File Version Major:5
                File Version Minor:1
                Subsystem Version Major:5
                Subsystem Version Minor:1
                Import Hash:41fb8cb2943df6de998b35a9d28668e8
                Instruction
                nop
                nop word ptr [eax+eax+00000000h]
                call 00007F8E88F84487h
                nop dword ptr [eax+00h]
                call 00007F8E88F7181Ah
                nop
                call 00007F8E88F74E07h
                nop dword ptr [eax+00h]
                call 00007F8E88F828C6h
                nop word ptr [eax+eax+00h]
                push 00000000h
                call dword ptr [004255C8h]
                nop word ptr [eax+eax+00000000h]
                call 00007F8E88F84226h
                call 00007F8E88F84215h
                call 00007F8E88F84204h
                call 00007F8E88F84211h
                call 00007F8E88F841FAh
                call 00007F8E88F841F5h
                call 00007F8E88F841F6h
                call 00007F8E88F8420Fh
                call 00007F8E88F84204h
                call 00007F8E88F841CFh
                call 00007F8E88F841ACh
                call 00007F8E88F841B9h
                call 00007F8E88F841A8h
                call 00007F8E88F841C1h
                call 00007F8E88F841C2h
                call 00007F8E88F841ABh
                call 00007F8E88F8419Ah
                call 00007F8E88F8417Dh
                call 00007F8E88F84178h
                call 00007F8E88F84197h
                call 00007F8E88F8417Ah
                call 00007F8E88F84163h
                call 00007F8E88F8416Ah
                call 00007F8E88F82CF5h
                call 00007F8E88F82CFCh
                call 00007F8E88F82CD9h
                call 00007F8E88F82CE0h
                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a230 | 0x50 | .rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x27000 | 0xfd0 | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1a120 | 0x1c | .rdata
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x1a000 | 0x70 | .rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x1000 | 0x17de8 | 0x17e00 | cfbda2c44e51b3b0b00bcbbc767c62a2 | False | 0.48375122709424084 | data | 6.634079266913224 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .itext | 0x19000 | 0x546 | 0x600 | 6f4cd57381bb5584c0a0755384d25180 | False | 0.251953125 | data | 2.9337361310958805 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rdata | 0x1a000 | 0x492 | 0x600 | bd829aa493ecd52fe5bec776d207f206 | False | 0.3671875 | data | 3.5366359784052652 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data | 0x1b000 | 0xadc8 | 0xa000 | e757bf5ef3033e34596559d75660a9fe | False | 0.9826171875 | SysEx File - | 7.98745422256528 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .pdata | 0x26000 | 0xd06 | 0xe00 | ba1c62fc31760b05288ec7680c6ef754 | False | 0.9458705357142857 | data | 7.726009575390974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .reloc | 0x27000 | 0xfd0 | 0x1000 | 3f87e4c23650dfad0bee7da98889ba94 | False | 0.843505859375 | GLS_BINARY_LSB_FIRST | 6.738987246879603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                DLL | Import
                gdi32.dll | SetPixel, SetDCBrushColor, SelectPalette, GetTextColor, GetDeviceCaps, CreateSolidBrush
                USER32.dll | DefWindowProcW, CreateMenu, EndDialog, GetDlgItem, GetKeyNameTextW, GetMessageW, GetWindowTextW, IsDlgButtonChecked, LoadImageW, LoadMenuW, DialogBoxParamW
                KERNEL32.dll | SetLastError, LoadLibraryW, GetTickCount, GetLastError, GetCommandLineW, GetCommandLineA, FreeLibrary
                No network behavior found

                Target ID:0
                Start time:15:43:01
                Start date:24/06/2024
                Path:C:\Users\user\Desktop\9gGB296kd4.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\9gGB296kd4.exe"
                Imagebase:0x150000
                File size:150'528 bytes
                MD5 hash:448F1796FE8DE02194B21C0715E0A5F6
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000003.2120339399.00000000016C0000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.2074026515.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                Reputation:low
                Has exited:true

                Target ID:4
                Start time:15:43:31
                Start date:24/06/2024
                Path:C:\ProgramData\C344.tmp
                Wow64 process (32bit):true
                Commandline:"C:\ProgramData\C344.tmp"
                Imagebase:0x400000
                File size:14'336 bytes
                MD5 hash:294E9F64CB1642DD89229FFF0592856B
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:moderate
                Has exited:true

                Target ID:5
                Start time:15:43:32
                Start date:24/06/2024
                Path:C:\Windows\SysWOW64\cmd.exe
                Wow64 process (32bit):true
                Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C344.tmp >> NUL
                Imagebase:0x790000
                File size:236'544 bytes
                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:6
                Start time:15:43:32
                Start date:24/06/2024
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff6d64d0000
                File size:862'208 bytes
                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                  Execution Graph

                  Execution Coverage:18.5%
                  Dynamic/Decrypted Code Coverage:0%
                  Signature Coverage:15.2%
                  Total number of Nodes:1936
                  Total number of Limit Nodes:12
15996e NtClose 9673 159977 9672->9673 9673->9577 9674->9672 9674->9673 9676 15689c 9675->9676 9677 1568aa RtlReAllocateHeap 9676->9677 9677->9667 9679 156844 RtlAllocateHeap 9678->9679 9680 156e2a 9679->9680 9680->9587 9682 15e35c 9681->9682 9684 15e369 9681->9684 9683 156844 RtlAllocateHeap 9682->9683 9682->9684 9683->9684 9684->9605 9686 159752 9685->9686 9688 15977a 9685->9688 9687 156844 RtlAllocateHeap 9686->9687 9687->9688 9688->9619 9690 156844 RtlAllocateHeap 9689->9690 9691 15ac4d 9690->9691 9692 15ac83 9691->9692 9693 156894 RtlReAllocateHeap 9691->9693 9698 15ac66 9691->9698 9694 15686c RtlFreeHeap 9692->9694 9693->9691 9695 15ac8b 9694->9695 9695->9624 9696 15686c RtlFreeHeap 9697 15adb0 9696->9697 9697->9624 9698->9696 9700 162f69 9699->9700 9702 1630f7 9700->9702 9703 15b3c0 9700->9703 9702->9648 9704 15b3d2 9703->9704 9705 15b3cf 9703->9705 9704->9705 9706 15b419 NtSetInformationThread 9704->9706 9705->9702 9707 15b42f NtClose 9706->9707 9708 15b42e 9706->9708 9707->9705 9708->9707 9710 159bc3 9709->9710 9711 159c5e 9709->9711 9989 157fbc 9710->9989 9718 167034 KiUserCallbackDispatcher 9711->9718 9714 159c11 9716 159c31 CreateMutexW 9714->9716 9715 1604b4 13 API calls 9715->9714 9993 1568ec 9716->9993 9719 1670ff 9718->9719 9726 167059 9718->9726 9720 167145 CreateThread CreateThread 9719->9720 9721 16711a CreateThread 9719->9721 9724 167183 9720->9724 9725 16717e 9720->9725 10465 15782c CoInitialize 9720->10465 10467 157468 GetLogicalDriveStringsW 9720->10467 9721->9720 9723 167135 9721->9723 10450 158f68 RtlAdjustPrivilege 9721->10450 9722 1670bc 9722->9719 9731 159c64 3 API calls 9722->9731 9723->9720 9728 1671a4 9724->9728 9729 16718c CreateThread 9724->9729 9999 157ca4 OpenSCManagerW 9725->9999 9726->9722 10104 159c64 9726->10104 9736 167221 9728->9736 10007 15b734 9728->10007 9729->9728 10472 157e58 9729->10472 9731->9719 9734 16727f 9738 1672a3 9734->9738 9739 167288 CreateThread 9734->9739 9735 16726b NtTerminateThread 9735->9734 9736->9734 
9736->9735 9741 167392 9738->9741 9765 1672c3 9738->9765 9739->9738 10445 159628 9739->10445 10147 161934 9741->10147 9742 167201 9745 15e2b8 2 API calls 9742->9745 9746 167214 9742->9746 9750 16720f 9745->9750 9756 15e2b8 2 API calls 9746->9756 9749 167339 9751 15b674 NtQueryInformationToken 9749->9751 10061 15fc88 9750->10061 9755 16733e 9751->9755 9753 15e2b8 2 API calls 9758 1671f2 9753->9758 9759 167342 9755->9759 9760 167349 9755->9760 9756->9736 10030 160a38 9758->10030 10125 158960 9759->10125 10129 158230 9760->10129 9764 1671f7 9769 15e2b8 2 API calls 9764->9769 9765->9749 10083 15da00 9765->10083 9767 167390 9767->9418 9768 167347 9768->9767 10098 159640 9768->10098 9770 1671fc 9769->9770 10037 160be4 9770->10037 9775 1604b4 13 API calls 9775->9767 9777 156934 RtlAllocateHeap 9776->9777 9778 162074 9777->9778 9779 162096 9778->9779 9780 1620a5 9778->9780 9787 16210d 9778->9787 10585 160000 9779->10585 10611 157428 9780->10611 9784 162105 9785 15686c RtlFreeHeap 9784->9785 9785->9787 9786 156844 RtlAllocateHeap 9824 1620ea 9786->9824 9787->9418 9788 162122 9789 15686c RtlFreeHeap 9788->9789 9789->9787 9790 15a280 NtSetInformationThread NtClose 9790->9824 9791 15a338 2 API calls 9791->9824 9792 162196 9794 15686c RtlFreeHeap 9792->9794 9793 16236f 9795 15686c RtlFreeHeap 9793->9795 9794->9787 9795->9787 9796 16228e 9798 15686c RtlFreeHeap 9796->9798 9797 1622a1 10623 15a3dc 9797->10623 9798->9787 9799 162271 9804 15686c RtlFreeHeap 9799->9804 9800 1623a1 9802 156984 RtlAllocateHeap 9800->9802 9801 162382 9801->9800 9806 162397 9801->9806 9807 1623fa 9802->9807 9804->9787 9805 1622c5 9810 162323 9805->9810 9811 16232d 9805->9811 9812 15686c RtlFreeHeap 9806->9812 9813 15686c RtlFreeHeap 9807->9813 9815 156984 RtlAllocateHeap 9810->9815 10627 156a74 9811->10627 9812->9787 9817 162403 9813->9817 9814 1622b8 9819 15686c RtlFreeHeap 9814->9819 9820 16232b 9815->9820 9817->9787 9825 16096c 11 API calls 9817->9825 9818 15686c RtlFreeHeap 9818->9824 9819->9787 
9822 15686c RtlFreeHeap 9820->9822 9821 15ab68 NtSetInformationThread NtClose 9821->9824 9823 16233e 9822->9823 9823->9787 10631 16096c 9823->10631 9824->9784 9824->9786 9824->9787 9824->9788 9824->9790 9824->9791 9824->9792 9824->9793 9824->9796 9824->9797 9824->9799 9824->9800 9824->9801 9824->9805 9824->9818 9824->9821 10617 15a958 9824->10617 9825->9787 9828 161d28 2 API calls 9827->9828 9829 161f02 9828->9829 9830 161f06 9829->9830 9831 161f27 9829->9831 9833 161f22 9830->9833 9835 1604b4 13 API calls 9830->9835 9832 159640 2 API calls 9831->9832 9834 161f2c 9832->9834 9833->9418 9836 161f30 9834->9836 9837 161f3a 9834->9837 9835->9833 9838 167034 117 API calls 9836->9838 10640 15b4dc CheckTokenMembership 9837->10640 9840 161f35 9838->9840 9840->9418 9841 161f3f 9842 162056 9841->9842 9843 161fb5 9841->9843 9844 159c64 3 API calls 9841->9844 9842->9418 9846 159c64 3 API calls 9843->9846 9848 161ffe 9843->9848 9844->9843 9846->9848 10641 160e30 9848->10641 9852 16202b 9852->9842 10689 161170 9852->10689 9855 158230 2 API calls 9856 16204f 9855->9856 9857 1616ac 2 API calls 9856->9857 9857->9842 10728 161be8 9858->10728 9861 158230 2 API calls 9862 1673bf 9861->9862 9863 15b674 NtQueryInformationToken 9862->9863 9865 1673d8 9863->9865 9864 167450 9864->9418 9865->9864 9866 159640 2 API calls 9865->9866 9867 167430 9866->9867 9868 1604b4 13 API calls 9867->9868 9868->9864 9870 163954 RtlAllocateHeap 9869->9870 9874 166fb2 9870->9874 9871 167021 9872 16702f 9871->9872 9873 15686c RtlFreeHeap 9871->9873 9884 166bbc 9872->9884 9873->9872 9874->9871 9875 166ff6 9874->9875 10742 166490 9874->10742 10760 163ea0 9875->10760 9881 167017 9883 163ea0 2 API calls 9881->9883 9883->9871 9885 166bd0 9884->9885 9886 166d9f 9884->9886 9887 163954 RtlAllocateHeap 9885->9887 9886->9418 9892 166be0 9887->9892 9888 166d91 9888->9886 9890 15686c RtlFreeHeap 9888->9890 9889 15686c RtlFreeHeap 9889->9888 9890->9886 9891 166c86 9891->9888 9891->9889 9892->9891 9893 156844 
RtlAllocateHeap 9892->9893 9894 166ca8 9893->9894 9894->9891 11068 166688 9894->11068 9897 163954 RtlAllocateHeap 9896->9897 9901 16391e 9897->9901 9898 163942 9899 163950 9898->9899 9900 15686c RtlFreeHeap 9898->9900 9899->9418 9900->9899 9901->9898 11078 163784 9901->11078 9904 166dc4 9903->9904 9905 156de8 RtlAllocateHeap 9904->9905 9906 166ed5 9905->9906 9907 156de8 RtlAllocateHeap 9906->9907 9916 166ede 9906->9916 9908 166eef 9907->9908 9912 156de8 RtlAllocateHeap 9908->9912 9908->9916 9909 15686c RtlFreeHeap 9910 166f7b 9909->9910 9911 166f89 9910->9911 9913 15686c RtlFreeHeap 9910->9913 9914 166f97 9911->9914 9915 15686c RtlFreeHeap 9911->9915 9912->9916 9913->9911 9914->9447 9915->9914 9916->9909 9916->9910 9918 1604e9 9917->9918 9919 156de8 RtlAllocateHeap 9918->9919 9920 160562 9919->9920 9921 156844 RtlAllocateHeap 9920->9921 9922 16056b 9920->9922 9924 160582 9921->9924 9923 160930 9922->9923 9925 15686c RtlFreeHeap 9922->9925 9926 16093e 9923->9926 9928 15686c RtlFreeHeap 9923->9928 9924->9922 11096 160338 9924->11096 9925->9923 9929 16094c 9926->9929 9931 15686c RtlFreeHeap 9926->9931 9928->9926 9932 16095a 9929->9932 9933 15686c RtlFreeHeap 9929->9933 9930 1605b3 9930->9922 9934 1605d4 GetTempFileNameW CreateFileW 9930->9934 9931->9929 9932->9418 9933->9932 9934->9922 9935 160619 WriteFile 9934->9935 9935->9922 9936 160635 CreateProcessW 9935->9936 9936->9922 9938 16069f NtQueryInformationProcess 9936->9938 9938->9922 9939 1606c3 NtReadVirtualMemory 9938->9939 9939->9922 9940 1606ea 9939->9940 9941 156de8 RtlAllocateHeap 9940->9941 9942 1606f4 9941->9942 9942->9922 9943 160758 NtProtectVirtualMemory 9942->9943 9943->9922 9944 160784 NtWriteVirtualMemory 9943->9944 9944->9922 9945 16079e 9944->9945 9945->9922 9946 160829 CreateNamedPipeW 9945->9946 9946->9922 9947 160895 ResumeThread ConnectNamedPipe 9946->9947 9947->9922 9949 15a35b 9948->9949 9950 15b3c0 2 API calls 9949->9950 9951 15a375 9949->9951 9950->9951 9951->9453 9951->9455 9953 156934 
RtlAllocateHeap 9952->9953 9982 162440 9953->9982 9954 15a338 2 API calls 9954->9982 9955 1625bc 9956 15686c RtlFreeHeap 9955->9956 9988 1624c6 9956->9988 9957 1624db 9960 15686c RtlFreeHeap 9957->9960 9958 1624ee 9965 15a3dc 2 API calls 9958->9965 9959 15a280 NtSetInformationThread NtClose 9959->9982 9960->9988 9961 1624be 9966 15686c RtlFreeHeap 9961->9966 9962 1625ee 9964 156984 RtlAllocateHeap 9962->9964 9963 1625cf 9963->9962 9968 1625e4 9963->9968 9969 162647 9964->9969 9970 162501 9965->9970 9966->9988 9967 162512 9971 162570 9967->9971 9972 16257a 9967->9972 9973 15686c RtlFreeHeap 9968->9973 9974 15686c RtlFreeHeap 9969->9974 9970->9967 9975 162505 9970->9975 9976 156984 RtlAllocateHeap 9971->9976 9977 156a74 RtlAllocateHeap 9972->9977 9973->9988 9978 162650 9974->9978 9979 15686c RtlFreeHeap 9975->9979 9980 162578 9976->9980 9977->9980 9985 16096c 11 API calls 9978->9985 9978->9988 9979->9988 9983 15686c RtlFreeHeap 9980->9983 9981 15ab68 NtSetInformationThread NtClose 9981->9982 9982->9954 9982->9955 9982->9957 9982->9958 9982->9959 9982->9961 9982->9962 9982->9963 9982->9967 9982->9981 9986 15686c RtlFreeHeap 9982->9986 9982->9988 9984 16258b 9983->9984 9987 16096c 11 API calls 9984->9987 9984->9988 9985->9988 9986->9982 9987->9988 9988->9418 9990 157fd5 9989->9990 9992 15808e 9990->9992 9996 1568c0 9990->9996 9992->9714 9992->9715 9994 15686c RtlFreeHeap 9993->9994 9995 1568fb 9994->9995 9995->9711 9997 156844 RtlAllocateHeap 9996->9997 9998 1568d6 9997->9998 9998->9992 10000 157dda 9999->10000 10001 157cd2 9999->10001 10002 157df7 10000->10002 10004 15686c RtlFreeHeap 10000->10004 10003 156844 RtlAllocateHeap 10001->10003 10002->9724 10005 157d01 10003->10005 10004->10002 10005->10000 10176 15dc60 10005->10176 10008 1568c0 RtlAllocateHeap 10007->10008 10009 15b73c 10008->10009 10010 15b784 10009->10010 10011 15b742 NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 10009->10011 10013 15e1e8 10010->10013 10012 1568ec RtlFreeHeap 
10011->10012 10012->10010 10016 15e1f5 10013->10016 10014 15e25a 10014->9736 10014->9742 10019 15a68c 10014->10019 10015 15e22a CreateThread 10015->10016 10180 15de78 SetThreadPriority 10015->10180 10016->10014 10016->10015 10017 15b444 NtSetInformationThread 10016->10017 10018 15e24b NtClose 10017->10018 10018->10016 10020 15a6b3 GetVolumeNameForVolumeMountPointW 10019->10020 10022 15a6f6 FindFirstVolumeW 10020->10022 10023 15a947 10022->10023 10029 15a712 10022->10029 10023->9753 10024 15a72b GetVolumePathNamesForVolumeNameW 10024->10029 10025 15a75c GetDriveTypeW 10025->10029 10026 15a7fd CreateFileW 10027 15a823 DeviceIoControl 10026->10027 10026->10029 10027->10029 10028 15a600 6 API calls 10028->10029 10029->10023 10029->10024 10029->10025 10029->10026 10029->10028 10031 160a92 10030->10031 10034 160b08 10031->10034 10036 160b63 10031->10036 10188 15b4dc CheckTokenMembership 10031->10188 10033 160b0c 10033->9764 10034->10033 10189 156984 10034->10189 10036->9764 10038 160bf9 10037->10038 10193 15a488 CreateThread 10038->10193 10040 160c0b 10041 156844 RtlAllocateHeap 10040->10041 10058 160c11 10040->10058 10043 160c23 10041->10043 10042 160e0a 10045 160e18 10042->10045 10047 15686c RtlFreeHeap 10042->10047 10046 15a488 6 API calls 10043->10046 10043->10058 10044 15686c RtlFreeHeap 10044->10042 10048 160e26 10045->10048 10050 15686c RtlFreeHeap 10045->10050 10049 160c40 10046->10049 10047->10045 10048->9742 10051 156844 RtlAllocateHeap 10049->10051 10049->10058 10050->10048 10052 160c5b 10051->10052 10053 156844 RtlAllocateHeap 10052->10053 10052->10058 10060 160c76 10053->10060 10055 156984 RtlAllocateHeap 10056 160cd2 CreateThread 10055->10056 10056->10060 10211 15f308 GetFileAttributesW 10056->10211 10057 156984 RtlAllocateHeap 10057->10060 10058->10042 10058->10044 10059 15b3c0 2 API calls 10059->10060 10060->10055 10060->10057 10060->10058 10060->10059 10201 15a1c0 CreateThread 10060->10201 10062 15fcb4 10061->10062 10063 156844 RtlAllocateHeap 
10062->10063 10064 15fcc1 10063->10064 10079 15fcca 10064->10079 10373 15f82c CoInitialize 10064->10373 10067 15ffdb 10069 15ffe9 10067->10069 10071 15686c RtlFreeHeap 10067->10071 10068 15686c RtlFreeHeap 10068->10067 10072 15fff7 10069->10072 10074 15686c RtlFreeHeap 10069->10074 10070 156844 RtlAllocateHeap 10073 15fcf7 10070->10073 10071->10069 10072->9746 10075 156844 RtlAllocateHeap 10073->10075 10073->10079 10074->10072 10077 15fd12 10075->10077 10076 15f59c NtSetInformationThread NtClose 10076->10077 10077->10076 10077->10079 10080 15f6d8 NtSetInformationThread NtClose 10077->10080 10081 15b3c0 2 API calls 10077->10081 10082 15686c RtlFreeHeap 10077->10082 10379 1569e0 10077->10379 10079->10067 10079->10068 10080->10077 10081->10077 10082->10077 10383 15cedc 10083->10383 10085 15da39 10091 156de8 RtlAllocateHeap 10085->10091 10093 15da42 10085->10093 10086 15db6a 10088 15db78 10086->10088 10089 15686c RtlFreeHeap 10086->10089 10087 15686c RtlFreeHeap 10087->10086 10090 15db86 10088->10090 10092 15686c RtlFreeHeap 10088->10092 10089->10088 10090->9749 10094 15da8f 10091->10094 10092->10090 10093->10086 10093->10087 10094->10093 10095 156844 RtlAllocateHeap 10094->10095 10096 15dac5 10095->10096 10096->10093 10387 15cfcc 10096->10387 10101 159669 10098->10101 10099 159735 10099->9775 10100 15686c RtlFreeHeap 10100->10099 10103 159698 10101->10103 10426 15c8c4 10101->10426 10103->10099 10103->10100 10106 159c96 10104->10106 10105 159c9a 10105->9722 10106->10105 10432 163954 10106->10432 10108 15a04a 10110 15a05e 10108->10110 10111 15686c RtlFreeHeap 10108->10111 10109 15686c RtlFreeHeap 10109->10108 10112 15a072 10110->10112 10113 15686c RtlFreeHeap 10110->10113 10111->10110 10114 15a086 10112->10114 10115 15686c RtlFreeHeap 10112->10115 10113->10112 10114->9722 10115->10114 10116 159e11 10117 15b674 NtQueryInformationToken 10116->10117 10122 159e20 10116->10122 10118 159ee2 10117->10118 10119 156de8 RtlAllocateHeap 10118->10119 10118->10122 10120 159f25 
10119->10120 10121 156de8 RtlAllocateHeap 10120->10121 10120->10122 10123 159f45 10121->10123 10122->10108 10122->10109 10123->10122 10124 156de8 RtlAllocateHeap 10123->10124 10124->10122 10126 158971 10125->10126 10127 15b3c0 2 API calls 10126->10127 10128 158b6c 10126->10128 10127->10128 10128->9768 10134 158290 10129->10134 10146 15828b 10129->10146 10130 158909 10132 15686c RtlFreeHeap 10130->10132 10133 158917 10130->10133 10131 15686c RtlFreeHeap 10131->10130 10132->10133 10133->9768 10135 156844 RtlAllocateHeap 10134->10135 10134->10146 10136 1583cf 10135->10136 10137 1583e7 10136->10137 10138 158401 10136->10138 10136->10146 10140 156de8 RtlAllocateHeap 10137->10140 10139 156de8 RtlAllocateHeap 10138->10139 10141 1583f1 10139->10141 10140->10141 10142 158434 10141->10142 10144 158448 10141->10144 10141->10146 10143 15686c RtlFreeHeap 10142->10143 10143->10146 10144->10146 10435 156c98 10144->10435 10146->10130 10146->10131 10148 156de8 RtlAllocateHeap 10147->10148 10152 161967 10148->10152 10149 161aa8 10151 161ab6 10149->10151 10153 15686c RtlFreeHeap 10149->10153 10150 15686c RtlFreeHeap 10150->10149 10154 161ac4 10151->10154 10156 15686c RtlFreeHeap 10151->10156 10161 161970 10152->10161 10439 1618b8 10152->10439 10153->10151 10164 161d28 10154->10164 10156->10154 10157 1619a4 10158 156934 RtlAllocateHeap 10157->10158 10157->10161 10159 1619bf 10158->10159 10160 156de8 RtlAllocateHeap 10159->10160 10159->10161 10162 161a25 10160->10162 10161->10149 10161->10150 10163 15686c RtlFreeHeap 10162->10163 10163->10161 10165 161e2c 10164->10165 10167 161e5a 10165->10167 10442 161c34 10165->10442 10168 161eeb 10167->10168 10169 15686c RtlFreeHeap 10167->10169 10170 1616ac 10168->10170 10169->10168 10171 1616c4 10170->10171 10172 156de8 RtlAllocateHeap 10171->10172 10173 1616fe 10172->10173 10174 161707 10173->10174 10175 15686c RtlFreeHeap 10173->10175 10174->9767 10175->10174 10177 15dcba 10176->10177 10178 15dcbe NtTerminateProcess 10177->10178 10179 15dcd2 
10177->10179 10178->10179 10179->10005 10186 15de8f 10180->10186 10181 15def1 ReadFile 10181->10186 10182 15e0aa WriteFile 10182->10186 10183 15e150 NtClose 10183->10186 10184 15dee2 10185 15686c RtlFreeHeap 10185->10186 10186->10181 10186->10182 10186->10183 10186->10184 10186->10185 10187 15e031 WriteFile 10186->10187 10187->10186 10188->10034 10190 15699c 10189->10190 10191 156844 RtlAllocateHeap 10190->10191 10192 1569b2 10190->10192 10191->10192 10192->10036 10194 15a524 10193->10194 10195 15a4c8 10193->10195 10209 15a470 GetLogicalDriveStringsW 10193->10209 10194->10040 10196 15a4fa ResumeThread 10195->10196 10197 15b3c0 2 API calls 10195->10197 10199 15a50e GetExitCodeThread 10196->10199 10198 15a4d9 10197->10198 10198->10196 10200 15a4dd 10198->10200 10199->10194 10200->10040 10202 15a1f3 10201->10202 10203 15a24f 10201->10203 10210 15a1b0 GetDriveTypeW 10201->10210 10204 15a225 ResumeThread 10202->10204 10205 15b3c0 2 API calls 10202->10205 10203->10060 10206 15a239 GetExitCodeThread 10204->10206 10207 15a204 10205->10207 10206->10203 10207->10204 10208 15a208 10207->10208 10208->10060 10212 15f37f SetThreadPriority 10211->10212 10214 15f321 10211->10214 10217 15f38e 10212->10217 10213 15f371 10215 15686c RtlFreeHeap 10213->10215 10214->10213 10293 15a094 FindFirstFileExW 10214->10293 10218 15f379 10215->10218 10220 156844 RtlAllocateHeap 10217->10220 10225 15f3ad 10220->10225 10221 15f34b 10223 15c19c 10 API calls 10221->10223 10224 15f355 10223->10224 10227 15ef6c 14 API calls 10224->10227 10228 15686c RtlFreeHeap 10225->10228 10231 15686c RtlFreeHeap 10225->10231 10232 15f54c 10225->10232 10234 15f514 FindNextFileW 10225->10234 10237 15f1c8 RtlAllocateHeap 10225->10237 10239 15c19c 10225->10239 10258 15f164 10225->10258 10262 15ef6c 10225->10262 10229 15f36b 10227->10229 10230 15f3dd FindFirstFileExW 10228->10230 10230->10225 10231->10225 10233 15686c RtlFreeHeap 10232->10233 10236 15f56f 10233->10236 10234->10225 10235 15f52c FindClose 10234->10235 
10235->10225 10237->10225 10240 15c1b8 10239->10240 10254 15c1b3 10239->10254 10296 156934 10240->10296 10243 15c1d0 GetFileAttributesW 10244 15c1e0 10243->10244 10245 15c225 10244->10245 10246 15c23e 10244->10246 10247 15c28c 5 API calls 10245->10247 10248 15c255 GetFileAttributesW 10246->10248 10249 15c246 10246->10249 10253 15c22d 10247->10253 10251 15c262 10248->10251 10252 15c26e CopyFileW 10248->10252 10300 15c28c CreateFileW 10249->10300 10255 15686c RtlFreeHeap 10251->10255 10256 15686c RtlFreeHeap 10252->10256 10257 15686c RtlFreeHeap 10253->10257 10254->10225 10255->10249 10256->10254 10257->10254 10259 15f17c 10258->10259 10260 15f192 10259->10260 10261 156844 RtlAllocateHeap 10259->10261 10260->10225 10261->10260 10263 15f155 10262->10263 10264 15ef8d 10262->10264 10263->10225 10311 15e3ac 10264->10311 10267 15f14d 10269 15686c RtlFreeHeap 10267->10269 10269->10263 10270 15efa5 10270->10267 10271 15efcc 10270->10271 10272 15efb9 10270->10272 10324 15ece4 10271->10324 10348 15ec00 10272->10348 10275 15efe7 MoveFileExW 10276 15eff9 10275->10276 10281 15efc7 10275->10281 10279 15f051 CreateFileW 10276->10279 10287 15f075 10276->10287 10277 15f034 10278 15686c RtlFreeHeap 10277->10278 10278->10276 10282 15f07a 10279->10282 10279->10287 10280 15686c RtlFreeHeap 10280->10281 10281->10267 10281->10275 10281->10276 10281->10277 10281->10280 10283 15ece4 RtlAllocateHeap 10281->10283 10328 15ed30 10282->10328 10283->10281 10284 15686c RtlFreeHeap 10284->10267 10287->10267 10287->10284 10288 15f0a3 CreateIoCompletionPort 10289 15f0dc 10288->10289 10290 15f0ba 10288->10290 10289->10287 10292 15686c RtlFreeHeap 10289->10292 10291 15686c RtlFreeHeap 10290->10291 10291->10287 10292->10287 10294 15a0e5 10293->10294 10295 15a0c5 FindClose 10293->10295 10294->10213 10294->10221 10295->10294 10297 15694a 10296->10297 10298 156961 10297->10298 10299 156844 RtlAllocateHeap 10297->10299 10298->10243 10298->10254 10299->10298 10301 15c3ed 10300->10301 10302 15c2bd 
10300->10302 10301->10254 10303 15c2f5 WriteFile 10302->10303 10304 15c32c WriteFile 10303->10304 10305 15c31a 10303->10305 10306 15c365 WriteFile 10304->10306 10307 15c353 10304->10307 10305->10254 10308 15c39c WriteFile 10306->10308 10309 15c38a 10306->10309 10307->10254 10308->10302 10310 15c3c3 10308->10310 10309->10254 10310->10254 10312 15e3c5 SetFileAttributesW CreateFileW 10311->10312 10313 15e40b 10312->10313 10315 15e3f3 10312->10315 10313->10267 10316 15e45c SetFileAttributesW CreateFileW 10313->10316 10315->10312 10315->10313 10352 15de48 10315->10352 10317 15e508 10316->10317 10318 15e49c SetFilePointerEx 10316->10318 10317->10270 10318->10317 10319 15e4bb ReadFile 10318->10319 10319->10317 10320 15e4da 10319->10320 10321 15e350 RtlAllocateHeap 10320->10321 10322 15e4eb 10321->10322 10322->10317 10323 15686c RtlFreeHeap 10322->10323 10323->10317 10325 15ecf2 10324->10325 10326 156934 RtlAllocateHeap 10325->10326 10327 15ed01 10326->10327 10327->10281 10330 15ed60 10328->10330 10329 15ed91 10332 156844 RtlAllocateHeap 10329->10332 10330->10329 10331 15e2b8 2 API calls 10330->10331 10331->10329 10339 15ed9d 10332->10339 10333 15ef39 10335 15ef47 10333->10335 10337 15686c RtlFreeHeap 10333->10337 10334 15686c RtlFreeHeap 10334->10333 10336 15ef55 10335->10336 10338 15686c RtlFreeHeap 10335->10338 10336->10287 10336->10288 10337->10335 10338->10336 10340 156844 RtlAllocateHeap 10339->10340 10347 15eee4 10339->10347 10341 15edfa 10340->10341 10342 156844 RtlAllocateHeap 10341->10342 10341->10347 10343 15ee29 10342->10343 10344 156844 RtlAllocateHeap 10343->10344 10343->10347 10345 15eedb 10344->10345 10346 15686c RtlFreeHeap 10345->10346 10345->10347 10346->10347 10347->10333 10347->10334 10349 15ec0d 10348->10349 10350 156934 RtlAllocateHeap 10349->10350 10351 15ec19 10350->10351 10351->10281 10353 15de53 10352->10353 10354 15de60 10353->10354 10358 15dce4 10353->10358 10356 15de66 Sleep 10354->10356 10357 15de71 10354->10357 10356->10357 10357->10315 
10359 15dd1b 10358->10359 10362 15ddf0 10359->10362 10363 156844 RtlAllocateHeap 10359->10363 10360 15de3d 10360->10354 10361 15686c RtlFreeHeap 10361->10360 10362->10360 10362->10361 10364 15dd74 10363->10364 10364->10362 10365 156894 RtlReAllocateHeap 10364->10365 10366 15dd9d 10364->10366 10365->10364 10366->10362 10368 15dc60 NtTerminateProcess 10366->10368 10369 15db90 10366->10369 10368->10366 10371 15dbb0 10369->10371 10370 15dc2d 10370->10366 10371->10370 10372 15dc60 NtTerminateProcess 10371->10372 10372->10370 10374 15fa12 10373->10374 10376 15f869 10373->10376 10374->10070 10374->10079 10375 156844 RtlAllocateHeap 10375->10376 10376->10375 10377 15f8ee 10376->10377 10377->10374 10378 156844 RtlAllocateHeap 10377->10378 10378->10377 10380 1569f9 10379->10380 10381 156844 RtlAllocateHeap 10380->10381 10382 156a19 10381->10382 10382->10077 10384 15cef8 10383->10384 10385 156844 RtlAllocateHeap 10384->10385 10386 15cf7d 10384->10386 10385->10386 10386->10085 10388 15d01f 10387->10388 10389 15d024 10387->10389 10391 15d45e 10388->10391 10392 15686c RtlFreeHeap 10388->10392 10389->10388 10390 156844 RtlAllocateHeap 10389->10390 10399 15d065 10390->10399 10393 15d46c 10391->10393 10394 15686c RtlFreeHeap 10391->10394 10392->10391 10395 15d47a 10393->10395 10396 15686c RtlFreeHeap 10393->10396 10394->10393 10397 15d488 10395->10397 10400 15686c RtlFreeHeap 10395->10400 10396->10395 10398 15d496 10397->10398 10401 15686c RtlFreeHeap 10397->10401 10402 15d4a4 10398->10402 10404 15686c RtlFreeHeap 10398->10404 10399->10388 10414 15d67c 10399->10414 10400->10397 10401->10398 10402->10093 10404->10402 10405 15d08e 10405->10388 10418 15d4b0 10405->10418 10407 15d0a1 10407->10388 10422 15d638 10407->10422 10410 156de8 RtlAllocateHeap 10411 15d0cc 10410->10411 10411->10388 10412 156844 RtlAllocateHeap 10411->10412 10413 15686c RtlFreeHeap 10411->10413 10412->10411 10413->10411 10415 15d6a7 10414->10415 10416 156844 RtlAllocateHeap 10415->10416 10417 15d7a4 10416->10417 
10417->10405 10419 15d540 10418->10419 10420 156844 RtlAllocateHeap 10419->10420 10421 15d57e 10420->10421 10421->10407 10423 15d657 10422->10423 10424 156de8 RtlAllocateHeap 10423->10424 10425 15d0b4 10424->10425 10425->10388 10425->10410 10427 15c8e5 10426->10427 10428 156844 RtlAllocateHeap 10427->10428 10430 15c8f5 10428->10430 10429 15c917 10429->10103 10430->10429 10431 15686c RtlFreeHeap 10430->10431 10431->10429 10433 156844 RtlAllocateHeap 10432->10433 10434 16396b 10433->10434 10434->10116 10438 156cbb 10435->10438 10436 156d24 10436->10146 10437 15686c RtlFreeHeap 10437->10436 10438->10436 10438->10437 10440 156844 RtlAllocateHeap 10439->10440 10441 1618ce 10440->10441 10441->10157 10443 156844 RtlAllocateHeap 10442->10443 10444 161c4e 10443->10444 10444->10167 10482 1591c8 10445->10482 10447 15962d 10448 15963c 10447->10448 10499 1590bc 10447->10499 10451 1597d8 4 API calls 10450->10451 10452 158fa0 10451->10452 10453 159880 NtClose 10452->10453 10456 159010 10452->10456 10454 158fae 10453->10454 10454->10456 10457 158fb7 NtSetInformationThread 10454->10457 10455 159035 10456->10455 10522 158ecc 10456->10522 10457->10456 10459 158fcb 10457->10459 10511 158da8 10459->10511 10462 159880 NtClose 10463 158fee 10462->10463 10463->10456 10516 158be0 10463->10516 10466 157861 10465->10466 10468 1574b3 10467->10468 10469 15748b 10467->10469 10469->10468 10470 157494 GetDriveTypeW 10469->10470 10525 1574bc 10469->10525 10470->10469 10473 157e60 10472->10473 10474 156844 RtlAllocateHeap 10473->10474 10475 157e72 NtQuerySystemInformation 10473->10475 10476 157ea5 10473->10476 10477 156894 RtlReAllocateHeap 10473->10477 10480 15686c RtlFreeHeap 10473->10480 10474->10473 10475->10473 10478 15686c RtlFreeHeap 10476->10478 10477->10473 10479 157ead 10478->10479 10481 157f40 Sleep 10480->10481 10481->10473 10483 1592a9 10482->10483 10484 15946d RegCreateKeyExW 10483->10484 10485 1594a1 RegEnumKeyW 10484->10485 10486 1594c7 RegCreateKeyExW 10484->10486 10485->10486 
10489 1594cc RegCreateKeyExW 10485->10489 10493 1595e2 10486->10493 10495 1595bc RegEnumKeyW 10486->10495 10489->10485 10490 1594fa RegSetValueExW 10489->10490 10490->10485 10494 15951c RegSetValueExW 10490->10494 10492 1595e4 OpenEventLogW 10492->10495 10496 1595fc ClearEventLogW 10492->10496 10493->10447 10494->10485 10497 15953a OpenEventLogW 10494->10497 10495->10492 10495->10493 10496->10495 10497->10485 10498 159552 ClearEventLogW 10497->10498 10498->10485 10506 15903c RtlAdjustPrivilege 10499->10506 10501 1591b5 10501->10448 10502 1591ac CloseServiceHandle 10502->10501 10503 1590d5 10504 159194 10503->10504 10505 15dc60 NtTerminateProcess 10503->10505 10504->10501 10504->10502 10505->10504 10507 1597d8 4 API calls 10506->10507 10508 159074 10507->10508 10509 159880 NtClose 10508->10509 10510 159082 10508->10510 10509->10510 10510->10503 10512 1597d8 4 API calls 10511->10512 10513 158dd3 10512->10513 10514 158de0 OpenSCManagerW 10513->10514 10515 158df9 10513->10515 10514->10515 10515->10456 10515->10462 10517 158c11 10516->10517 10519 156844 RtlAllocateHeap 10517->10519 10521 158c4d 10517->10521 10518 158d9c 10518->10456 10519->10521 10520 15686c RtlFreeHeap 10520->10518 10521->10518 10521->10520 10523 1597d8 4 API calls 10522->10523 10524 158ee5 10523->10524 10524->10455 10533 157590 10525->10533 10527 157580 10527->10469 10528 1574d4 10528->10527 10529 157506 FindFirstFileExW 10528->10529 10529->10527 10531 15752e 10529->10531 10530 15756c FindNextFileW 10530->10527 10530->10531 10531->10530 10539 15766c 10531->10539 10534 1575b0 FindFirstFileExW 10533->10534 10536 157662 10534->10536 10537 15760e FindClose 10534->10537 10536->10528 10537->10536 10540 15768e 10539->10540 10541 157822 10540->10541 10542 156844 RtlAllocateHeap 10540->10542 10541->10530 10546 1576a6 10542->10546 10543 157814 10543->10541 10545 15686c RtlFreeHeap 10543->10545 10544 15686c RtlFreeHeap 10544->10543 10545->10541 10547 1576de FindFirstFileExW 10546->10547 10549 1577fd 10546->10549 

                  Control-flow Graph

                  control_flow_graph 9 1604b4-160569 call 15164c call 156de8 18 160570-160589 call 156844 9->18 19 16056b 9->19 27 160590-1605a3 call 168c34 18->27 28 16058b 18->28 20 1608e9-1608f0 19->20 22 1608f2 20->22 23 1608fe-160905 20->23 22->23 25 160907 23->25 26 160913-160917 23->26 25->26 30 160922-160926 26->30 31 160919 26->31 35 1605a5 27->35 36 1605aa-1605ba call 160338 27->36 28->20 32 160930-160934 30->32 33 160928-16092b call 15686c 30->33 31->30 38 160936-160939 call 15686c 32->38 39 16093e-160942 32->39 33->32 35->20 48 1605c1-160612 GetTempFileNameW CreateFileW 36->48 49 1605bc 36->49 38->39 42 160944-160947 call 15686c 39->42 43 16094c-160950 39->43 42->43 46 160952-160955 call 15686c 43->46 47 16095a-160960 43->47 46->47 52 160614 48->52 53 160619-16062e WriteFile 48->53 49->20 52->20 54 160635-16064e 53->54 55 160630 53->55 57 160650-160655 54->57 55->20 58 160657-160698 CreateProcessW 57->58 59 160659-16065b 57->59 61 16069f-1606bc NtQueryInformationProcess 58->61 62 16069a 58->62 59->57 63 1606c3-1606e3 NtReadVirtualMemory 61->63 64 1606be 61->64 62->20 65 1606e5 63->65 66 1606ea-1606fb call 156de8 63->66 64->20 65->20 69 160702-16077d call 1692f4 call 169348 call 16941c NtProtectVirtualMemory 66->69 70 1606fd 66->70 77 160784-160797 NtWriteVirtualMemory 69->77 78 16077f 69->78 70->20 79 16079e-1607fa 77->79 80 160799 77->80 78->20 82 160801-160822 79->82 83 1607fc 79->83 80->20 85 160824 82->85 86 160829-160891 CreateNamedPipeW 82->86 83->20 85->20 87 160895-1608ae ResumeThread ConnectNamedPipe 86->87 88 160893 86->88 89 1608b0-1608bb 87->89 90 1608bf-1608dc 87->90 88->20 89->90 91 1608bd 89->91 93 1608e0 90->93 94 1608de 90->94 91->20 93->20 94->20
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  • Associated: 00000000.00000002.2381629811.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381707407.000000000016A000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381750662.000000000016B000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381796412.0000000000174000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381839446.0000000000176000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381923776.0000000000177000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_150000_9gGB296kd4.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID: D
                  • API String ID: 0-2746444292

                  Control-flow Graph

                  control_flow_graph 95 1591c8-15949b call 151240 * 5 RegCreateKeyExW 106 1594a1 95->106 107 15957d-159581 95->107 110 1594a8-1594c5 RegEnumKeyW 106->110 108 159583 107->108 109 15958c-1595ba RegCreateKeyExW 107->109 108->109 111 159615-159619 109->111 112 1595bc 109->112 113 1594c7 110->113 114 1594cc-1594f8 RegCreateKeyExW 110->114 117 159624-159627 111->117 118 15961b 111->118 119 1595c3-1595e0 RegEnumKeyW 112->119 113->107 115 159575-159578 114->115 116 1594fa-15951a RegSetValueExW 114->116 115->110 122 159566-15956a 116->122 123 15951c-159538 RegSetValueExW 116->123 118->117 120 1595e4-1595fa OpenEventLogW 119->120 121 1595e2 119->121 124 159610-159613 120->124 125 1595fc-159607 ClearEventLogW 120->125 121->111 122->115 127 15956c 122->127 123->122 126 15953a-159550 OpenEventLogW 123->126 124->119 125->124 126->122 128 159552-15955d ClearEventLogW 126->128 127->115 128->122
                  APIs
                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 00159493
                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 001594BA
                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 001594F0
                  • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 00159512
                  • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 00159530
                  • OpenEventLogW.ADVAPI32(00000000,?), ref: 00159543
                  • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00159557
                  • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 001595B2
                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 001595D5
                  • OpenEventLogW.ADVAPI32(00000000,?), ref: 001595ED
                  • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00159601
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_150000_9gGB296kd4.jbxd
                  Yara matches
                  Similarity
                  • API ID: Event$Create$ClearEnumOpenValue
                  • String ID:
                  • API String ID: 1260815474-0

                  Control-flow Graph

                  control_flow_graph 129 15a68c-15a70c GetVolumeNameForVolumeMountPointW FindFirstVolumeW 133 15a950-15a955 129->133 134 15a712-15a718 129->134 135 15a91f-15a941 134->135 136 15a71e-15a725 134->136 135->134 143 15a947 135->143 136->135 137 15a72b-15a742 GetVolumePathNamesForVolumeNameW 136->137 137->135 139 15a748-15a74c 137->139 139->135 140 15a752-15a756 139->140 140->135 142 15a75c-15a766 GetDriveTypeW 140->142 144 15a771-15a779 call 151564 142->144 145 15a768-15a76b 142->145 143->133 148 15a7f7-15a81d call 1516f0 CreateFileW 144->148 149 15a77b-15a7c3 144->149 145->135 145->144 153 15a916 148->153 154 15a823-15a849 DeviceIoControl 148->154 159 15a7c5-15a7de call 15a600 149->159 160 15a7e3-15a7e7 149->160 153->135 154->153 155 15a84f-15a856 154->155 157 15a8bc-15a8c3 155->157 158 15a858-15a864 155->158 157->153 161 15a8c5-15a8cc 157->161 162 15a866-15a86d 158->162 163 15a883-15a889 158->163 159->160 164 15a7f2 160->164 165 15a7e9 160->165 161->153 166 15a8ce-15a8d5 161->166 162->163 167 15a86f-15a876 162->167 169 15a8a8-15a8b5 call 1516c0 call 15a600 163->169 170 15a88b-15a892 163->170 164->135 165->164 166->153 171 15a8d7-15a8f1 call 1516c0 166->171 167->163 172 15a878-15a87f 167->172 181 15a8ba 169->181 170->169 174 15a894-15a89b 170->174 185 15a8f3-15a8fa 171->185 186 15a90a-15a911 call 15a600 171->186 172->163 177 15a881 172->177 174->169 178 15a89d-15a8a4 174->178 177->181 178->169 182 15a8a6 178->182 181->153 182->181 187 15a8fc-15a903 call 15a600 185->187 188 15a908 185->188 186->153 187->188 188->153
                  APIs
                  • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 0015A6D6
                  • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 0015A6FF
                  • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 0015A73A
                  • GetDriveTypeW.KERNELBASE(?), ref: 0015A75D
                  • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 0015A810
                  • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 0015A841
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_150000_9gGB296kd4.jbxd
                  Yara matches
                  Similarity
                  • API ID: Volume$Name$ControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                  • String ID: '
                  • API String ID: 754975672-1997036262

                  Control-flow Graph

                  control_flow_graph 191 167034-167053 KiUserCallbackDispatcher 192 167111-167118 191->192 193 167059-167060 191->193 194 167145-16717c CreateThread * 2 192->194 195 16711a-167133 CreateThread 192->195 196 167062-167088 call 156ae8 193->196 197 16708b-167092 193->197 201 167183-16718a 194->201 202 16717e call 157ca4 194->202 195->194 200 167135-16713e 195->200 196->197 198 167094-16709b 197->198 199 1670ce-1670d5 197->199 198->199 204 16709d-1670c7 call 159c64 198->204 199->192 206 1670d7-1670de 199->206 200->194 207 1671a4-1671ab 201->207 208 16718c-1671a1 CreateThread 201->208 202->201 204->199 206->192 213 1670e0-16710a call 159c64 206->213 209 1671b6-1671dd call 15b734 call 15e1e8 207->209 210 1671ad-1671b4 207->210 208->207 240 167221-167225 209->240 241 1671df-1671e6 209->241 210->209 216 16722e-167232 210->216 213->192 218 167234-16723f 216->218 219 167248-16724c 216->219 218->219 224 167262-167269 219->224 225 16724e-167259 219->225 231 16727f-167286 224->231 232 16726b-167276 NtTerminateThread 224->232 225->224 235 1672b3-1672bd 231->235 236 167288-1672a1 CreateThread 231->236 232->231 243 167392-1673a0 call 161934 call 161d28 call 1616ac 235->243 244 1672c3-1672ca 235->244 236->235 238 1672a3-1672ac 236->238 238->235 240->216 245 167201-167208 241->245 246 1671e8-1671fc call 15a68c call 15e2b8 call 160a38 call 15e2b8 call 160be4 241->246 284 1673a5-1673a9 243->284 249 1672f7-1672fe 244->249 250 1672cc-1672e5 244->250 247 167214-16721c call 15e270 call 15e2b8 245->247 248 16720a-16720f call 15e2b8 call 15fc88 245->248 246->245 247->240 248->247 257 167300-167304 249->257 258 167339-167340 call 15b674 249->258 250->249 268 1672e7-1672f0 250->268 265 167306-167311 257->265 266 16731a-167334 call 156ae8 call 15da00 257->266 275 167342-167347 call 158960 258->275 276 167349-16734b call 158230 258->276 265->266 266->258 268->249 285 167350-167357 275->285 276->285 289 16736b-16738b call 159640 call 1604b4 285->289 290 167359-167360 285->290 296 
167390 289->296 290->289 293 167362-167369 290->293 293->289 293->296 296->284
                  APIs
                  • KiUserCallbackDispatcher.NTDLL(00000043,00000000), ref: 0016704B
                  • CreateThread.KERNELBASE(00000000,00000000,00158F68,00000000,00000000,00000000), ref: 00167129
                  • CreateThread.KERNELBASE(00000000,00000000,00157468,00000000,00000000,00000000), ref: 00167154
                  • CreateThread.KERNELBASE(00000000,00000000,0015782C,00000000,00000000,00000000), ref: 0016716C
                  • CreateThread.KERNELBASE(00000000,00000000,00157E58,00000000,00000000,00000000), ref: 0016719B
                  • NtTerminateThread.NTDLL(?,00000000), ref: 00167270
                  • CreateThread.KERNELBASE(00000000,00000000,00159628,00000000,00000000,00000000), ref: 00167297
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  • Associated: 00000000.00000002.2381629811.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381707407.000000000016A000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381750662.000000000016B000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381796412.0000000000174000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381839446.0000000000176000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381923776.0000000000177000.00000002.00000001.01000000.00000003.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_150000_9gGB296kd4.jbxd
                  Yara matches
                  Similarity
                  • API ID: Thread$Create$CallbackDispatcherTerminateUser
                  • String ID:
                  • API String ID: 1743520491-0

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  APIs
                  • CreateFileW.KERNELBASE(001577D6,40000000,00000003,00000000,00000003,80000000,00000000,001577D6,?,?,00000000,?), ref: 001566BA
                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 001566F3
                  • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 00156771
                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 0015678D
                  • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 001567ED
                  • NtClose.NTDLL(000000FF,?,00000000,?), ref: 00156802
                  • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 00156817
                  Similarity
                  • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                  • String ID:
                  • API String ID: 3569053182-0

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  APIs
                  • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 0015DE89
                  • ReadFile.KERNELBASE(?,?,?,?,?), ref: 0015DF1B
                  Similarity
                  • API ID: FilePriorityReadThread
                  • String ID:
                  • API String ID: 3643687941-0

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  APIs
                  • GetFileAttributesW.KERNELBASE(?), ref: 0015F314
                  • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 0015F383
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,00175180,003D0900), ref: 0015F3F0
                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 0015F51E
                  • FindClose.KERNELBASE(000000FF), ref: 0015F52F
                    • Part of subcall function 0015A094: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0015A0B6
                    • Part of subcall function 0015A094: FindClose.KERNELBASE(000000FF), ref: 0015A0DC
                  Similarity
                  • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                  • String ID:
                  • API String ID: 3755735135-0

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  APIs
                    • Part of subcall function 00156844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00167764,?,00000000,00000000), ref: 00156860
                  • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 001576F3
                  • GetFileAttributesW.KERNELBASE(00000000), ref: 00157786
                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 001577EF
                  Strings
                  Similarity
                  • API ID: File$Find$AllocateAttributesFirstHeapNext
                  • String ID: *
                  • API String ID: 2400493143-163128923

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  APIs
                  • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00155CF7
                  • FindClose.KERNELBASE(000000FF,?,00000000), ref: 00155D1C
                  • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00155D41
                  • FindClose.KERNELBASE(000000FF), ref: 00155D4E
                  Similarity
                  • API ID: Find$CloseFile$FirstNext
                  • String ID:
                  • API String ID: 1164774033-0
                  APIs
                  • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,001671D1), ref: 0015B751
                  • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 0015B763
                  • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 0015B778
                  Similarity
                  • API ID: InformationProcess
                  • String ID:
                  • API String ID: 1801817001-0
                  APIs
                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,9870B143), ref: 0015B4B1
                  Strings
                  Similarity
                  • API ID: MemoryProtectVirtual
                  • String ID:
                  • API String ID: 2706961497-3916222277
                  APIs
                    • Part of subcall function 00156844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00167764,?,00000000,00000000), ref: 00156860
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00157E7E
                  • Sleep.KERNELBASE(000007D0,?), ref: 00157F45
                  Similarity
                  • API ID: AllocateHeapInformationQuerySleepSystem
                  • String ID:
                  • API String ID: 3184523392-0
                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00158F8A
                    • Part of subcall function 001597D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00159805
                    • Part of subcall function 00159880: NtClose.NTDLL(00000000), ref: 00159971
                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,D1F935A5), ref: 00158FC1
                    • Part of subcall function 00158DA8: OpenSCManagerW.SECHOST(00000000,00000000,00000001,7DDDCD9C), ref: 00158DE6
                  Similarity
                  • API ID: Information$AdjustCloseManagerOpenPrivilegeQuerySystemThread
                  • String ID:
                  • API String ID: 1903255304-0
                  APIs
                    • Part of subcall function 00157590: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 001575FF
                    • Part of subcall function 00157590: FindClose.KERNELBASE(000000FF), ref: 0015765C
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0015751F
                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 00157576
                    • Part of subcall function 0015766C: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 001576F3
                    • Part of subcall function 0015766C: GetFileAttributesW.KERNELBASE(00000000), ref: 00157786
                    • Part of subcall function 0015766C: FindNextFileW.KERNELBASE(000000FF,?), ref: 001577EF
                  Similarity
                  • API ID: FileFind$First$Next$AttributesClose
                  APIs
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 001575FF
                  • FindClose.KERNELBASE(000000FF), ref: 0015765C
                  Similarity
                  • API ID: Find$CloseFileFirst
                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00157E7E
                  • Sleep.KERNELBASE(000007D0,?), ref: 00157F45
                  Similarity
                  • API ID: InformationQuerySleepSystem
                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00157E7E
                  • Sleep.KERNELBASE(000007D0,?), ref: 00157F45
                  Similarity
                  • API ID: InformationQuerySleepSystem
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,0015DE78,00000000,00000000,00000000,?,00000000), ref: 0015E239
                    • Part of subcall function 0015B444: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,00156541,00000000,0017586C,00156390,00000000,00000000,00175858,00156378,00000000,00000000,0017584C), ref: 0015B465
                  • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 0015E24C
                  Similarity
                  • API ID: Thread$CloseCreateInformation
                  APIs
                  • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 0015B424
                  • NtClose.NTDLL(00000008), ref: 0015B432
                  Similarity
                  • API ID: CloseInformationThread
                  APIs
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 0015A0B6
                  • FindClose.KERNELBASE(000000FF), ref: 0015A0DC
                  Similarity
                  • API ID: Find$CloseFileFirst
                  APIs
                  Similarity
                  • API ID: Close
                  APIs
                    • Part of subcall function 00156844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00167764,?,00000000,00000000), ref: 00156860
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00159805
                  Similarity
                  • API ID: AllocateHeapInformationQuerySystem
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 00155A71
                  Similarity
                  • API ID: Load
                  APIs
                  • NtTerminateProcess.NTDLL(00157DB8,00000000), ref: 0015DCC3
                  Similarity
                  • API ID: ProcessTerminate
                  APIs
                  • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 0015B69E
                  Similarity
                  • API ID: InformationQueryToken
                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00159805
                  Similarity
                  • API ID: InformationQuerySystem
                  APIs
                  • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00159805
                  Similarity
                  • API ID: InformationQuerySystem
                  APIs
                  • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,00156541,00000000,0017586C,00156390,00000000,00000000,00175858,00156378,00000000,00000000,0017584C), ref: 0015B465
                  Similarity
                  • API ID: InformationThread
                  APIs
                  • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 0015A47B
                  Similarity
                  • API ID: DriveLogicalStrings

                  Control-flow Graph

                  APIs
                  Similarity
                  • API ID: LibraryTextWindow$CreateDialogFreeLoad$BrushColorCommandErrorLastLineMenuPixelProc$ButtonCapsCheckedCountDeviceExitHeapImageItemMessageNamePaletteParamProcessSelectSolidTick

                  Control-flow Graph

                  control_flow_graph 511 15c28c-15c2b7 CreateFileW 512 15c3ed-15c3f3 511->512 513 15c2bd-15c2d6 511->513 514 15c2dc-15c2ee call 1517ac 513->514 517 15c2f5-15c318 WriteFile 514->517 518 15c32c-15c351 WriteFile 517->518 519 15c31a-15c329 517->519 520 15c365-15c388 WriteFile 518->520 521 15c353-15c362 518->521 523 15c39c-15c3c1 WriteFile 520->523 524 15c38a-15c399 520->524 526 15c3d5-15c3e2 523->526 527 15c3c3-15c3d2 523->527 526->517 529 15c3e8 526->529 529->514
                  APIs
                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 0015C2AA
                  • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,00176000,?,?,?,00000000), ref: 0015C30B
                  • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 0015C344
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  • Associated: 00000000.00000002.2381629811.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381707407.000000000016A000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381750662.000000000016B000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381796412.0000000000174000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381839446.0000000000176000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381923776.0000000000177000.00000002.00000001.01000000.00000003.sdmp
                  • API ID: File$Write$Create
                  • String ID:
                  • API String ID: 1602526932-0
                  • Opcode ID: 1958ff1fe99d623fa5d0f02206beb7b5e5c732f7a96cf75b788a80349d16e510
                  • Instruction ID: cfa757a80768bde8a8ecfee6eb477edb677f8d657d46ac1a26432c12c58979e0
                  • Opcode Fuzzy Hash: 1958ff1fe99d623fa5d0f02206beb7b5e5c732f7a96cf75b788a80349d16e510
                  • Instruction Fuzzy Hash: 1B412F71A0420CFFDB00DB94EC45BEEFB7AFB54312F5041A6EA04A6191E3714A94DB91

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 617 15e45c-15e49a SetFileAttributesW CreateFileW 618 15e511-15e518 617->618 619 15e49c-15e4b9 SetFilePointerEx 617->619 620 15e508 619->620 621 15e4bb-15e4d8 ReadFile 619->621 620->618 621->620 622 15e4da-15e4ef call 15e350 621->622 622->620 625 15e4f1-15e4f9 622->625 626 15e502-15e503 call 15686c 625->626 627 15e4fb 625->627 626->620 627->626
                  APIs
                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 0015E475
                  • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0015E48D
                  • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 0015E4B1
                  • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 0015E4D0
                  • API ID: File$AttributesCreatePointerRead
                  • String ID:
                  • API String ID: 4170910816-0
                  • Opcode ID: 10e512b0cb0a719a08e2cb935fb7062518ce5d63e2d12c88e0f8f44b49440c64
                  • Instruction ID: 0761bb89932f78c529cd72ed6e1cde5ca126dfc735e8094ef344c34fce8e58ae
                  • Opcode Fuzzy Hash: 10e512b0cb0a719a08e2cb935fb7062518ce5d63e2d12c88e0f8f44b49440c64
                  • Instruction Fuzzy Hash: 8E114674A50308FBEB209F60DC49F5D7BB9BB04701F5040A4BA19EA0D1EBB19B948B14

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 629 15ef6c-15ef87 630 15f155-15f15e 629->630 631 15ef8d-15ef97 call 15e3ac 629->631 634 15f14d-15f150 call 15686c 631->634 635 15ef9d-15efa7 call 15e45c 631->635 634->630 635->634 639 15efad-15efb7 call 15ebd8 635->639 642 15efcc-15efd5 call 15ece4 639->642 643 15efb9-15efca call 15ec00 639->643 647 15efda 642->647 648 15efdd-15efe1 643->648 647->648 648->634 649 15efe7-15eff7 MoveFileExW 648->649 650 15eff9 649->650 651 15effb-15f006 649->651 652 15f047-15f04b 650->652 653 15f034-15f043 call 15686c 651->653 654 15f008-15f02c call 15686c call 15ece4 651->654 656 15f051-15f073 CreateFileW 652->656 657 15f13f-15f143 652->657 653->652 668 15f030 654->668 669 15f02e 654->669 662 15f075 656->662 663 15f07a-15f093 call 15ed30 656->663 657->634 660 15f145-15f148 call 15686c 657->660 660->634 662->657 672 15f095-15f09e 663->672 673 15f0a3-15f0b8 CreateIoCompletionPort 663->673 668->649 669->652 672->657 674 15f0dc-15f0fe 673->674 675 15f0ba-15f0da call 15686c 673->675 680 15f100-15f120 call 15686c 674->680 681 15f122-15f138 674->681 675->657 680->657 681->657
                  APIs
                    • Part of subcall function 0015E3AC: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 0015E3CD
                    • Part of subcall function 0015E3AC: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 0015E3E5
                    • Part of subcall function 0015E45C: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 0015E475
                    • Part of subcall function 0015E45C: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0015E48D
                    • Part of subcall function 0015E45C: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 0015E4B1
                    • Part of subcall function 0015E45C: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 0015E4D0
                  • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0015EFEF
                  • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0015F0B0
                  • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 0015F066
                    • Part of subcall function 0015686C: RtlFreeHeap.NTDLL(?,00000000,00000000,?,001677F4,00000000), ref: 00156888
                  • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                  • String ID:
                  • API String ID: 97630321-0
                  • Opcode ID: 5062f1500ab2a84c8a8c8b09d06343f07aface737e0cd2a36f33d98f25778db8
                  • Instruction ID: 008cf41f8549c53e6460e2ea74f2a09a9f2be84c2694881346ab5a02684cc5d2
                  • Opcode Fuzzy Hash: 5062f1500ab2a84c8a8c8b09d06343f07aface737e0cd2a36f33d98f25778db8
                  • Instruction Fuzzy Hash: E7513830900604FBEF156FA1DC49B9D7FB6FB10346F208068F929A90A1D7B68AD9DF40

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 690 15c19c-15c1b1 691 15c1b3 690->691 692 15c1b8-15c1c9 call 156934 690->692 693 15c283-15c287 691->693 696 15c1d0-15c1de GetFileAttributesW 692->696 697 15c1cb 692->697 698 15c1e0-15c1fa call 1516c0 696->698 699 15c1fc-15c21c call 1516c0 696->699 697->693 706 15c21f-15c223 698->706 699->706 708 15c225-15c23c call 15c28c call 15686c 706->708 709 15c23e-15c244 706->709 708->693 711 15c255-15c260 GetFileAttributesW 709->711 712 15c246-15c249 call 15c28c 709->712 714 15c262-15c26c call 15686c 711->714 715 15c26e-15c27e CopyFileW call 15686c 711->715 717 15c24e-15c253 712->717 714->712 715->693 717->693
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7bd900d43921ace40e41a17cc9a2e560b103927bbd94dfb4a43623f2bfc68c40
                  • Instruction ID: 1292228ab1e484d244d92747e87236eb008c6faeb5db1d2cad33fbc900f634f7
                  • Opcode Fuzzy Hash: 7bd900d43921ace40e41a17cc9a2e560b103927bbd94dfb4a43623f2bfc68c40
                  • Instruction Fuzzy Hash: FE21B630804608EFDF11AFA4DD4A75D7A72AB25316F6041A0F82969171C7B20EA8BB85

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 723 15a488-15a4c6 CreateThread 724 15a524-15a52a 723->724 725 15a4c8-15a4cc 723->725 726 15a4ce-15a4d4 call 15b3c0 725->726 727 15a4fa-15a51b ResumeThread GetExitCodeThread 725->727 729 15a4d9-15a4db 726->729 727->724 729->727 731 15a4dd-15a4f7 729->731
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,0015A470,?,00000004,00000000), ref: 0015A4B9
                  • ResumeThread.KERNELBASE(00000000), ref: 0015A4FD
                  • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 0015A515
                  • API ID: Thread$CodeCreateExitResume
                  • String ID:
                  • API String ID: 4070214711-0
                  • Opcode ID: 864ae9c7f140bafa8f7f06407b9ff554a0630cf326f965a4d1bb4b48eb3de550
                  • Instruction ID: 17c9ca3a142b3a2d7aa617fe48cbbdbd5f50a61b1326000c34fb409076480462
                  • Opcode Fuzzy Hash: 864ae9c7f140bafa8f7f06407b9ff554a0630cf326f965a4d1bb4b48eb3de550
                  • Instruction Fuzzy Hash: 8D11E670940208FFDB11DF94DD09B9DBBB6FF04312F2041A5F929A62A0E7B15A94EB41
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,0015A1B0,?,00000004,00000000), ref: 0015A1E4
                  • ResumeThread.KERNELBASE(00000000), ref: 0015A228
                  • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 0015A240
                  • API ID: Thread$CodeCreateExitResume
                  • String ID:
                  • API String ID: 4070214711-0
                  • Opcode ID: 593e1563521df629a94859a44b55fa788710d382f3560971041ab173b146d915
                  • Instruction ID: f5400cdaf54c9505908e96c570acd0f6d2a03964835ee2fc5b4162feb931d2a8
                  • Opcode Fuzzy Hash: 593e1563521df629a94859a44b55fa788710d382f3560971041ab173b146d915
                  • Instruction Fuzzy Hash: 4E11E531944608FFDB119F90DD0AB9CBB72EF04312F204294FA19665A0E7B25A94EB41
                  APIs
                  • CoInitialize.OLE32(00000000), ref: 00157853
                  Strings
                  • API ID: Initialize
                  • String ID: @
                  • API String ID: 2538663250-2766056989
                  • Opcode ID: 58072cde540292a56104258cbe1ee8b6d51d8b221edb172d6be6a2e72c25ad32
                  • Instruction ID: be158179c27ee41951dfc2d258775b0cc7bc101cc7fc60464762ff010d0a0721
                  • Opcode Fuzzy Hash: 58072cde540292a56104258cbe1ee8b6d51d8b221edb172d6be6a2e72c25ad32
                  • Instruction Fuzzy Hash: 0ED107B490020AEFDB10CF90D889F9ABB79FF04301F158195E914AF2A1D779DA84CF65
                  APIs
                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 0015E3CD
                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 0015E3E5
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: 2842d01ec21d0a4bd6ad45a6a26a42d2b32b7e223fedc78fcb13ef0bc048cd6c
                  • Instruction ID: ffe97548ca5339374dbeaab6f4133eedeaa806859b89ecb1f6b4014ea753cf71
                  • Opcode Fuzzy Hash: 2842d01ec21d0a4bd6ad45a6a26a42d2b32b7e223fedc78fcb13ef0bc048cd6c
                  • Instruction Fuzzy Hash: 55118F70D04208FBEB284B50EC09BA97BB5EB04723F208226FD35AD4E0D3B05BC99A45
                  APIs
                  • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0015EFEF
                  • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 0015F066
                  • API ID: File$CreateMove
                  • String ID:
                  • API String ID: 3198096935-0
                  • Opcode ID: 752dd0011e1b7206231d4e22e386e2607ad7dc0ab709114a837ea8b053437069
                  • Instruction ID: 92168ab24affb454b8b7e40a00d54ede2c3f8d28a70f58735cf31c08533a8fa2
                  • Opcode Fuzzy Hash: 752dd0011e1b7206231d4e22e386e2607ad7dc0ab709114a837ea8b053437069
                  • Instruction Fuzzy Hash: 4AF06230D00204FADF255B54EC49FACBB72EB10713F20817AB931690E0C7711B99EB45
                  APIs
                  • GetLogicalDriveStringsW.KERNELBASE(00000104,?), ref: 0015747F
                  • GetDriveTypeW.KERNELBASE(?), ref: 00157495
                  • API ID: Drive$LogicalStringsType
                  • String ID:
                  • API String ID: 1630765265-0
                  • Opcode ID: bc56cf19cc0dfbdcdd6b1ffa9d9639938a15d85a035b46192db546cc7a0d5819
                  • Instruction ID: e53a2b94c0ba22c9bc3870ae658bdbf4dff491b0e69eee72cf1fc166176238bc
                  • Opcode Fuzzy Hash: bc56cf19cc0dfbdcdd6b1ffa9d9639938a15d85a035b46192db546cc7a0d5819
                  • Instruction Fuzzy Hash: 43E02B32504719DBDF20B6D5BCC69EB776DCB11302F000150EE28D6041CBA49DCAC6E1
                  APIs
                  • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 0015E3CD
                  • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 0015E3E5
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: 9b7375de71061f01fb6b2ed8f87369c59eaa4e1ed453122a93c29096dd450a70
                  • Instruction ID: b89b3f42b7a4d0e156bd7a23891b2b67531e50c2d1bdd277e514807d0974ac20
                  • Opcode Fuzzy Hash: 9b7375de71061f01fb6b2ed8f87369c59eaa4e1ed453122a93c29096dd450a70
                  • Instruction Fuzzy Hash: AAE04830D44604FAEB391B20DC09F583AB2AB04752F605121FE75EC0E0C7B097D9DB05
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  • API ID: CreateThread
                  • String ID:
                  • API String ID: 2422867632-0
                  • Opcode ID: c7105698eb3afe5ec50ecb5107fe8e66ffc9fba3e300a2061905320c6b4c8261
                  • Instruction ID: 25ee34c2a6ac29c3b2ac2a5dccb9b297a5f7a7062891b95237dd2de4fa09f1c0
                  • Opcode Fuzzy Hash: c7105698eb3afe5ec50ecb5107fe8e66ffc9fba3e300a2061905320c6b4c8261
                  • Instruction Fuzzy Hash: C2619C70D0060AEFDF129FD4DC45BAFBB75EB18306F204229E9157A1A0D7B56AA4CF90
                  APIs
                  • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,E80C4717,?,?,00169487), ref: 001563C5
                    • Part of subcall function 0015B444: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,00156541,00000000,0017586C,00156390,00000000,00000000,00175858,00156378,00000000,00000000,0017584C), ref: 0015B465
                    • Part of subcall function 0015B470: NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,9870B143), ref: 0015B4B1
                  • API ID: CreateHeapInformationMemoryProtectThreadVirtual
                  • String ID:
                  • API String ID: 2986011945-0
                  • Opcode ID: 25ee65200b96ed725b4a6b1c4e08c849642ea26be4a7b1cb4acb516d14de5345
                  • Instruction ID: 599b68b61e2e5952a666c80fa92c7232f091dba883e92cae367e0ecfbf83e9a0
                  • Opcode Fuzzy Hash: 25ee65200b96ed725b4a6b1c4e08c849642ea26be4a7b1cb4acb516d14de5345
                  • Instruction Fuzzy Hash: 1D316931785BA0F9D7B032A68C1FE5F2E7E9DE2F977C041447C2CAE0868BE4644985B5
                  APIs
                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 00157CBF
                    • Part of subcall function 00156844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00167764,?,00000000,00000000), ref: 00156860
                    • Part of subcall function 0015DC60: NtTerminateProcess.NTDLL(00157DB8,00000000), ref: 0015DCC3
                  • API ID: AllocateHeapManagerOpenProcessTerminate
                  • String ID:
                  • API String ID: 3645570960-0
                  • Opcode ID: 870ffdf40061100a85cbc90db6425ead9790e7027ed004736f7e36a0b01fcd55
                  • Instruction ID: 4dda1049606bf768f4ae86bdab96e42ebfcbca4d3a743cc389bf26547695bc6f
                  • Opcode Fuzzy Hash: 870ffdf40061100a85cbc90db6425ead9790e7027ed004736f7e36a0b01fcd55
                  • Instruction Fuzzy Hash: 32411730940208FBEF119BD0EC0ABEDBB7AEF04706F504065FA15BA0E0D7B55A94DB50
                  APIs
                    • Part of subcall function 00155C24: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00155CF7
                    • Part of subcall function 00155C24: FindClose.KERNELBASE(000000FF,?,00000000), ref: 00155D1C
                  • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00156408,0017540C,00155EE8,00000000,00000000,7E631824), ref: 00155DE4
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  • Associated: 00000000.00000002.2381629811.0000000000150000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381707407.000000000016A000.00000002.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381750662.000000000016B000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381796412.0000000000174000.00000004.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381839446.0000000000176000.00000008.00000001.01000000.00000003.sdmp
                  • Associated: 00000000.00000002.2381923776.0000000000177000.00000002.00000001.01000000.00000003.sdmp
                  APIs
                    • Part of subcall function 0015903C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0015905E
                  • CloseServiceHandle.ADVAPI32(00000000), ref: 001591AF
                    • Part of subcall function 0015DC60: NtTerminateProcess.NTDLL(00157DB8,00000000), ref: 0015DCC3
                  APIs
                    • Part of subcall function 001597D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00159805
                  • OpenSCManagerW.SECHOST(00000000,00000000,00000001,7DDDCD9C), ref: 00158DE6
                  APIs
                  • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 0015F85B
                  APIs
                  • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 00159C4B
                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 0015905E
                    • Part of subcall function 001597D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00159805
                    • Part of subcall function 00159880: NtClose.NTDLL(00000000), ref: 00159971
                  APIs
                  • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 0015B727
                  APIs
                  • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,00159825,?,00000400), ref: 001568B3
                  APIs
                  • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00167764,?,00000000,00000000), ref: 00156860
                  APIs
                  • RtlFreeHeap.NTDLL(?,00000000,00000000,?,001677F4,00000000), ref: 00156888
                  APIs
                  • CheckTokenMembership.KERNELBASE(00000000,0015B4CC,?), ref: 0015B4ED
                  APIs
                  • GetDriveTypeW.KERNELBASE(?), ref: 0015A1B6
                  APIs
                  • CoInitialize.OLE32(00000000), ref: 00157853
                  APIs
                  • Sleep.KERNELBASE(000000C8,?,?,0015E405,00000000,?,00000000,?,?,?), ref: 0015DE6B
                  • Associated: 00000000.00000002.2381796412.0000000000174000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381839446.0000000000176000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381923776.0000000000177000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_150000_9gGB296kd4.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cd82799089856b6965674056bd0c096907c6bd101e02680852f238c5e5afe533
                  • Instruction ID: 052e6d76a503a8fff21dd91c7c6f3aa638a400326a650a9ea86599328a748e65
                  • Opcode Fuzzy Hash: cd82799089856b6965674056bd0c096907c6bd101e02680852f238c5e5afe533
                  • Instruction Fuzzy Hash: 65313876A21A06DFC328CF1AD884925F7B2FF9D311B15CA29C96987F51C730F990CA90
                  Memory Dump Source
                  • Source File: 00000000.00000002.2381666842.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
                  • Associated: 00000000.00000002.2381629811.0000000000150000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381707407.000000000016A000.00000002.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381750662.000000000016B000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381796412.0000000000174000.00000004.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381839446.0000000000176000.00000008.00000001.01000000.00000003.sdmpDownload File
                  • Associated: 00000000.00000002.2381923776.0000000000177000.00000002.00000001.01000000.00000003.sdmpDownload File
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_150000_9gGB296kd4.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                  • Instruction ID: 26c7e54211510dd3ef339abacaf4fbe1ec6871777b550624da0a590e6a47d64d
                  • Opcode Fuzzy Hash: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                  • Instruction Fuzzy Hash: E9E04FBB20D3426FF928951174533A78387C380675E25849EF816DF1C0EF1BE8A56045

                  Execution Graph

                  Execution Coverage:32.4%
                  Dynamic/Decrypted Code Coverage:0%
                  Signature Coverage:1.3%
                  Total number of Nodes:160
                  Total number of Limit Nodes:1


                  Control-flow Graph

                  APIs
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect

                  Control-flow Graph

                  APIs
                  • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                  • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                  • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                  • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                  • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                  • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118

                  Control-flow Graph

                  APIs
                  • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                  • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                  • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                  • FindClose.KERNEL32(000000FF), ref: 00401660
                  Strings
                  • String ID: C:\Windows\System32\*.dll

                  Control-flow Graph

                  APIs
                  • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                  • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                  • NtClose.NTDLL(000000FF), ref: 004027FF

                  Control-flow Graph

                  APIs
                  • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                  • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                  • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5

                  Control-flow Graph

                  APIs
                  • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B

                  Control-flow Graph

                  APIs
                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                  • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742

                  Control-flow Graph

                  APIs
                  • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                  APIs
                  • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB

                  Control-flow Graph

                  APIs
                  • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                  • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: CreateHeap
                  • String ID:
                  • API String ID: 10892065-0
                  • Opcode ID: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                  • Instruction ID: eac1ce902914894448f3c06d12ced00cbe17960004271ddceb971b2a38276b5e
                  • Opcode Fuzzy Hash: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                  • Instruction Fuzzy Hash: 34513034A80A04FBD7109B60ED09B5B7770FF18701F2086BAE6117A2F1D775A5859F8D

                  Control-flow Graph

                  control_flow_graph 150 4022dc-40232e 154 402330 150->154 155 402335-402347 GetShortPathNameW 150->155 156 402483-402487 154->156 157 402349-402359 155->157 158 40235e-402380 155->158 159 402495-402499 156->159 160 402489-40248f 156->160 157->156 168 402382 158->168 169 402387-402425 158->169 163 4024a7-4024ab 159->163 164 40249b-4024a1 159->164 160->159 165 4024b9-4024bf 163->165 166 4024ad-4024b3 163->166 164->163 166->165 168->156 175 402427 169->175 176 402429-402481 ShellExecuteW 169->176 175->156 176->156
                  APIs
                  • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: NamePathShort
                  • String ID:
                  • API String ID: 1295925010-0
                  • Opcode ID: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                  • Instruction ID: 5bcac900e59d09c9622bdf940851d370624af246baed8abb1bc217228d1f7e1b
                  • Opcode Fuzzy Hash: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                  • Instruction Fuzzy Hash: B6514E75900606EFDB00DF90E948B9EFB71FF48301F2082A9E6156B2A1C375AA91DFC5

                  Control-flow Graph

                  control_flow_graph 213 4026c0-4026e5 call 4024f8 215 402730-402734 213->215 216 4026e7-402709 CreateFileW 213->216 218 402742-402746 215->218 219 402736-40273c 215->219 216->215 217 40270b-402727 ReadFile 216->217 217->215 220 402729 217->220 221 402754-40275a 218->221 222 402748-40274e 218->222 219->218 220->215 222->221
                  APIs
                  • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                  • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: File$CreateRead
                  • String ID:
                  • API String ID: 3388366904-0
                  • Opcode ID: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                  • Instruction ID: dec784d2d3492f4c007a4c80bb83cd8b4abde05e7af7cfb80cb91198c32a9eba
                  • Opcode Fuzzy Hash: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                  • Instruction Fuzzy Hash: 7511D774910209EFDB10DF94DD48B9FBBB5FB08311F2046A9A524B62E1D7B15A91CF84

                  Control-flow Graph

                  control_flow_graph 224 401a40-401a5a 225 401a5d-401a77 RtlAllocateHeap 224->225 226 401a85-401a94 call 401e78 225->226 227 401a79-401a82 225->227 230 401ac5-401ac8 226->230 231 401a96-401ac0 call 401e78 226->231 233 401af6-401af9 230->233 234 401aca-401af4 call 401e78 230->234 239 401b4d-401b55 231->239 237 401b11-401b14 233->237 238 401afb-401b0f 233->238 234->239 241 401b16-401b2a 237->241 242 401b2c-401b2f 237->242 238->239 239->225 243 401b5b-401b6b 239->243 241->239 242->239 244 401b31-401b47 242->244 244->239
                  APIs
                  • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                  • Instruction ID: 68c0462a3af62cc3e50a8e225ecc1fff045641083c52707b2e4de1a33f1d8fac
                  • Opcode Fuzzy Hash: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                  • Instruction Fuzzy Hash: 9F316935A14308DFDB10CF99C488E99F7F1BF24320F15D0AAD508AB2B2D7B59950DB4A

                  Control-flow Graph

                  control_flow_graph 245 402e10-402e35 247 402e37 245->247 248 402e39-402e4e 245->248 249 402eab-402eb7 247->249 253 402e50 248->253 254 402e52-402e57 248->254 250 402ec5-402eca 249->250 251 402eb9-402ebf 249->251 251->250 253->249 255 402e5c-402e6d 254->255 257 402e70-402e7a 255->257 257->257 258 402e7c-402e8f MoveFileExW 257->258 259 402e91 258->259 260 402e93-402ea9 258->260 259->249 260->249 260->255
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                  • Instruction ID: 64be472d3da9365df722bb42b6a14b0a0006b9682bbf08d732ce7ada7e71b141
                  • Opcode Fuzzy Hash: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                  • Instruction Fuzzy Hash: 8A214C71940208EFDB109F90DE49B9ABB71FF18301F2081BAE505AA2E1D3759E91DF89

                  Control-flow Graph

                  control_flow_graph 262 402a78-402a9c call 4028ba 264 402aa3-402ac2 262->264 265 402a9e 262->265 270 402ac4-402ad3 264->270 271 402ad5-402ae0 264->271 266 402b28-402b2c 265->266 267 402b3a-402b40 266->267 268 402b2e-402b34 266->268 268->267 270->266 274 402ae2-402ae8 271->274 275 402aea 271->275 276 402af0-402b1f CreateMutexW 274->276 275->276 276->266 277 402b21 276->277 277->266
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                  • Instruction ID: 5f31ce468cef0475a522e9655e813cee8f96e501922e94d34a843d9ecc1c4f5f
                  • Opcode Fuzzy Hash: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                  • Instruction Fuzzy Hash: A921F974901608EFDB00CF90EA8C79EBB71FF08301F6045A9E5017A2A0D7B95A85DF89

                  Control-flow Graph

                  control_flow_graph 279 401474-401488 280 40148a-40148d 279->280 281 4014ac-4014b3 call 4013f8 279->281 282 401493-401498 280->282 285 4014b8-4014d2 LdrLoadDll 281->285 282->282 284 40149a-4014aa call 4013f8 282->284 284->285
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0
                  • Opcode ID: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                  • Instruction ID: 140de97a3c31e0856ca0b204e221eb1e366fb0b1d4fd9a07ba92ba20ce5f8dd4
                  • Opcode Fuzzy Hash: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                  • Instruction Fuzzy Hash: F7F03C3690020DFADF10EAA4D848FDE77BCEB14314F0041A6E904B7190D238AA099BA5
                  APIs
                  • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: AdjustPrivilege
                  • String ID:
                  • API String ID: 3260937286-0
                  • Opcode ID: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                  • Instruction ID: 70193a9dbc7aa9cd3770003b3bb97339f6e2972f30e24310785a39762e1cef45
                  • Opcode Fuzzy Hash: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                  • Instruction Fuzzy Hash: B9E0263251821AABCB20A2189E0CBA7739DD744314F1043B6A805F71D1EAF69A0A87DA
                  APIs
                  • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7
                  Memory Dump Source
                  • Source File: 00000004.00000002.2388345144.0000000000401000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000004.00000002.2388301368.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388379475.0000000000404000.00000002.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388418416.0000000000405000.00000004.00000001.01000000.00000005.sdmp
                  • Associated: 00000004.00000002.2388471340.0000000000406000.00000002.00000001.01000000.00000005.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_4_2_400000_C344.jbxd
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                  • Instruction ID: 701e22a529f931561d5ec47da2ef603e250127bb9ab3ab4db12cbc5835053477
                  • Opcode Fuzzy Hash: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                  • Instruction Fuzzy Hash: 05D0C97A140609ABC6009F94E949D87F769FF58711B00C6A1BA045B222C630E890CFD4