Windows Analysis Report
LBB.exe

Overview

General Information

Sample name: LBB.exe
Analysis ID: 1473023
MD5: 827fd84e6c235dbb400442390a538441
SHA1: f88eafeeb71837534f32d7de483497d8d74fb279
SHA256: 7de7ce42cde20847749fa5bc4048cf5cacec8c2bf49169d7d262ea38630640ea
Tags: exe, Ransomware
Infos:

Detection

LockBit ransomware
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
AI detected suspicious sample
Changes the wallpaper picture
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Found potential ransomware demand text
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • LBB.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\LBB.exe" MD5: 827FD84E6C235DBB400442390A538441)
    • 1EB6.tmp (PID: 7744 cmdline: "C:\ProgramData\1EB6.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 1908 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1EB6.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 4408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"URL": "http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion", "Ransom Note": "\r\n~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~\r\n\r\n>>>>> Your data is stolen and encrypted.\r\n\r\nBLOG Tor Browser Links:\r\nhttp://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/\r\nhttp://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/\r\nhttp://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/\r\nhttp://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/\r\nhttp://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/\r\nhttp://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/\r\nhttp://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/\r\n\r\n>>>>> What guarantee is there that we won't cheat you? \r\nWe are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situation simply as a paid training session for your system administrators, because it was the misconfiguration of your corporate network that allowed us to attack you. Our pentesting services should be paid for the same way you pay your system administrators salaries. You can get more information about us on Ilon Musk's Twitter https://twitter.com/hashtag/lockbit?f=live\r\n \r\n>>>>> You need to contact us on TOR darknet sites with your personal ID\r\n\r\nDownload and install Tor Browser https://www.torproject.org/\r\nWrite to the chat room and wait for an answer, we'll guarantee a response from us. If you need a unique ID for correspondence with us that no one will know about, ask it in the chat, we will generate a secret chat for you and give you his ID via private one-time memos service, no one can find out this ID but you. 
Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack hundreds of companies around the world.\r\n\r\nTor Browser personal link for CHAT available only to you (available during a ddos attack): \r\n\r\n\r\nTor Browser Links for CHAT (sometimes unavailable due to ddos attacks):\r\nhttp://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion\r\nhttp://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion\r\nhttp://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion\r\nhttp://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion\r\nhttp://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion\r\nhttp://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion\r\nhttp://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion\r\n\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n>> Your personal Black ID: 0B4A03D462BADECEA17AD5946A9F7CB1 <<\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n\r\n>>>>> Warning! Do not delete or modify encrypted files, it will lead to problems with decryption of files!\r\n\r\n>>>>> Don't go to the police or the FBI for help and don't tell anyone that we attacked you. "}
Source | Rule | Description | Author | Strings
LBB.exe | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
LBB.exe | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
    • 0x1a21d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4b0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
Source | Rule | Description | Author | Strings
C:\$WinREAgent\Scratch\bMHeBJMks.README.txt | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
Source | Rule | Description | Author | Strings
00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                • 0x1a41d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                • 0xb0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                    • 0x1a41d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                    • 0xb0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
Source | Rule | Description | Author | Strings
0.0.LBB.exe.4a0000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
0.0.LBB.exe.4a0000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                      • 0x1a21d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                      • 0x4b0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
0.2.LBB.exe.4a0000.0.unpack | JoeSecurity_LockBit_ransomware | Yara detected LockBit ransomware | Joe Security
0.2.LBB.exe.4a0000.0.unpack | Windows_Ransomware_Lockbit_369e1e94 | unknown | unknown
                        • 0x1a21d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
                        • 0x4b0:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

                        System Summary

Source: Registry Key set | Author: Nasreddine Bencherchali (Nextron Systems), Stephen Lincoln @slincoln-aiq (AttackIQ): Data: Details: C:\ProgramData\bMHeBJMks.bmp, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\LBB.exe, ProcessId: 7328, TargetObject: HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper
                        No Snort rule has matched

                        AV Detection

Source: LBB.exe | Avira: detected
Source: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/ | Avira URL Cloud: Label: malware
Source: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/ | Avira URL Cloud: Label: malware
Source: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/ | Avira URL Cloud: Label: malware
Source: C:\ProgramData\1EB6.tmp | Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: bMHeBJMks.README.txt24.0.dr | Malware Configuration Extractor: Lockbit
Source: C:\ProgramData\1EB6.tmp | ReversingLabs: Detection: 91%
Source: LBB.exe | ReversingLabs: Detection: 86%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ProgramData\1EB6.tmp | Joe Sandbox ML: detected
Source: LBB.exe | Joe Sandbox ML: detected
Source: LBB.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: LBB.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004A9400 FindFirstFileExW,FindClose,0_2_004A9400
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004A94DC FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_004A94DC
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004B0DD4 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_004B0DD4
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004A7AA0 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_004A7AA0
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004ABEB4 FindFirstFileExW,FindClose,0_2_004ABEB4
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004A932C FindFirstFileExW,FindNextFileW,0_2_004A932C
Source: C:\ProgramData\1EB6.tmp | Code function: 3_2_0040227C FindFirstFileExW,3_2_0040227C
Source: C:\ProgramData\1EB6.tmp | Code function: 3_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,3_2_0040152C
Source: C:\Users\user\Desktop\LBB.exe | Code function: 0_2_004A92D8 GetLogicalDriveStringsW,GetDriveTypeW,0_2_004A92D8

                        Networking

                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt24.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt29.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt9.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt5.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt10.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt18.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt26.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt21.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt21.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt21.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt6.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt2.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt38.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt8.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: bMHeBJMks.README.txt33.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: bMHeBJMks.README.txt27.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1675127376.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://locNTUSER.DATkl4kul
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drString found in binary or memory: http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drString found in binary or memory: http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drString found in binary or memory: http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drString found in binary or memory: http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drString found in binary or memory: http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000002.1747982315.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.drString found in binary or memory: http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drString found in binary or memory: http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000002.1747982315.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.drString found in binary or memory: http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.drString found in binary or memory: https://twitter.com/hashtag/lockbit?f=live
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.drString found in binary or memory: https://www.torproject.org/

                        Spam, unwanted Advertisements and Ransom Demands

                        Source: C:\Users\user\Documents\RAYHIWGKDI\bMHeBJMks.README.txtDropped file: ~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~>>>>> Your data is stolen and encrypted.BLOG Tor Browser Links:http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/>>>>> What guarantee is there that we won't cheat you? We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situation simply as a paid training session for your system administrators, because it was the misconfiguration of your corporate network that allowed us to attack you. Our pentesting services should be paid for the same way you pay your system administrators salaries. You can get more information about us on Ilon Musk's Twitter https://twitter.com/hashtag/lockbit?f=live >>>>> You need to contact us on TOR darknet sites with your personal IDDownload and install Tor Browser https://www.torproject.org/Write to the chat room and wait for an answer, we'll guarantee a response from us. If you need a unique ID for correspondence with us that no one will know about, ask it in the chat, we will generate a secret chat for you and give you his ID via private one-time memos service, no one can find out this ID but you. 
Sometimes you will have to wait some time for our reply, this is because we have a lot of work and we attack hundreds of companies around the world.Tor Browser personal link for CHAT available only to you (available during a ddos attack): Tor Browser Links for CHAT (sometimes unavailable due to ddos attacks):http://lockbit5eevg7vec4vwwtzgkl4kulap6oxbic2ye4mnmlq6njnpc47qd.onionhttp://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onionhttp://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onionhttp://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onionhttp://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onionhttp://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onionhttp://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onion>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Your personal Black ID: 0B4A03D462BADECEA17AD5946A9F7CB1 <<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Warning! Do not delete or modify encrypted files, it will lead to problems with decryption of files!>>>>> Don't go to the police or the FBI for help Jump to dropped file
                        Source: Yara match File source: LBB.exe, type: SAMPLE
                        Source: Yara match File source: 0.0.LBB.exe.4a0000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0.2.LBB.exe.4a0000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: LBB.exe PID: 7328, type: MEMORYSTR
                        Source: Yara match File source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, type: DROPPED
                        Source: C:\Users\user\Desktop\LBB.exe Key value created or modified: HKEY_CURRENT_USER\Control Panel\Desktop WallPaper C:\ProgramData\bMHeBJMks.bmp
                        Source: LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: LBB.exe, 00000000.00000002.1747982315.0000000000CEC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: All your important files are stolen and encrypted!
                        Source: LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt24.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt29.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt9.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt5.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt10.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt18.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt26.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt21.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt20.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt12.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt0.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt17.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt7.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt34.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt30.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt28.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt16.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt1.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt22.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt36.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt14.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt19.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt6.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt2.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt38.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt8.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt33.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt27.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt25.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt39.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt35.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt32.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt11.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt15.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt23.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt31.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt4.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt13.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt37.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: bMHeBJMks.README.txt3.0.dr String found in binary or memory: >>>>> Your data is stolen and encrypted.
                        Source: C:\Users\user\Desktop\LBB.exe File moved: C:\Users\user\Desktop\KATAXZVCPS.jpg
                        Source: C:\Users\user\Desktop\LBB.exe File moved: C:\Users\user\Desktop\VLZDGUKUTZ.docx
                        Source: C:\Users\user\Desktop\LBB.exe File moved: C:\Users\user\Desktop\CURQNKVOIX.mp3
                        Source: C:\Users\user\Desktop\LBB.exe File moved: C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx
                        Source: C:\Users\user\Desktop\LBB.exe File moved: C:\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.pdf
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Documents\RAYHIWGKDI\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Documents\ONBQCLYSPU\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Documents\NWTVCDUMOB\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Documents\NIKHQAIQAU\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Videos\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Documents\MXPXCVPDVN\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Searches\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Saved Games\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Recent\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\Users\user\Desktop\LBB.exe File dropped: C:\Users\user\Pictures\bMHeBJMks.README.txt -> decryption of files!>>>>> don't go to the police or the fbi for help and don't tell anyone that we attacked you.
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\LBB.exe entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\AAAAAAA (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\BBBBBBB (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\CCCCCCC (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\DDDDDDD (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\EEEEEEE (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\FFFFFFF (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\GGGGGGG (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\HHHHHHH (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\IIIIIII (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\JJJJJJJ (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\KKKKKKK (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\LLLLLLL (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\MMMMMMM (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\NNNNNNN (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\OOOOOOO (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\PPPPPPP (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\QQQQQQQ (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\RRRRRRR (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\SSSSSSS (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\TTTTTTT (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\UUUUUUU (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\VVVVVVV (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\WWWWWWW (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\XXXXXXX (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\YYYYYYY (copy) entropy: 7.99699941124
                        Source: C:\ProgramData\1EB6.tmp File created: C:\Users\user\Desktop\ZZZZZZZ (copy) entropy: 7.99699941124

                        System Summary

                        Source: LBB.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 0.0.LBB.exe.4a0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 0.2.LBB.exe.4a0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AFC5C SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,0_2_004AFC5C
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A84CC CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,0_2_004A84CC
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A9C88 NtQuerySystemInformation,Sleep,0_2_004A9C88
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AD494 NtQueryInformationToken,0_2_004AD494
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AE0AC CreateFileW,WriteFile,WriteFile,WriteFile,WriteFile,NtClose,0_2_004AE0AC
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AD554 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,0_2_004AD554
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AD1E0 NtSetInformationThread,NtClose,0_2_004AD1E0
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AB5FC NtQuerySystemInformation,0_2_004AB5FC
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AAD98 RtlAdjustPrivilege,NtSetInformationThread,0_2_004AAD98
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AFA44 NtTerminateProcess,0_2_004AFA44
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AD264 NtSetInformationThread,0_2_004AD264
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AE218 CreateFileW,WriteFile,RegCreateKeyExW,RegSetValueExW,RegCreateKeyExW,RegSetValueExW,SHChangeNotify,NtClose,0_2_004AE218
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A9EE8 NtQueryDefaultUILanguage,0_2_004A9EE8
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A8AFC NtQueryInformationToken,0_2_004A8AFC
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AD290 NtProtectVirtualMemory,0_2_004AD290
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AB6A4 NtClose,0_2_004AB6A4
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004B8B04 CreateThread,CreateThread,NtTerminateThread,CreateThread,0_2_004B8B04
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AFFD0 CreateThread,NtClose,0_2_004AFFD0
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004B1F84 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtDuplicateObject,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_004B1F84
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A9CD3 NtQuerySystemInformation,Sleep,0_2_004A9CD3
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A9CBA NtQuerySystemInformation,Sleep,0_2_004A9CBA
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AAD96 RtlAdjustPrivilege,NtSetInformationThread,0_2_004AAD96
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AB64E NtQuerySystemInformation,0_2_004AB64E
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AB635 NtQuerySystemInformation,0_2_004AB635
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_00402760 CreateFileW,ReadFile,NtClose,3_2_00402760
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,3_2_0040286C
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_00403478 SetThreadPriority,WriteFile,SetFilePointerEx,SetEndOfFile,NtClose,3_2_00403478
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,3_2_00402F18
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_0040362E GetLogicalDriveStringsW,GetDriveTypeW,CreateThread,NtClose,Sleep,RemoveDirectoryW,3_2_0040362E
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_00401DC2 NtProtectVirtualMemory,3_2_00401DC2
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_004031E0 NtClose,3_2_004031E0
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_00401D94 NtSetInformationThread,3_2_00401D94
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,3_2_004016B4
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004AC4AC: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,0_2_004AC4AC
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A9EE8 0_2_004A9EE8
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A7094 0_2_004A7094
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004B0368 0_2_004B0368
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A6B7F 0_2_004A6B7F
                        Source: C:\Users\user\Desktop\LBB.exe Code function: 0_2_004A6B84 0_2_004A6B84
                        Source: Joe Sandbox View Dropped File: C:\ProgramData\1EB6.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                        Source: C:\Users\user\Desktop\LBB.exe Process token adjusted: Security
                        Source: LBB.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: LBB.exe, type: SAMPLE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 0.0.LBB.exe.4a0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 0.2.LBB.exe.4a0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
                        Source: 1EB6.tmp.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: LBB.exe, 00000000.00000003.1659897261.0000000000CDB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: oxQ.SLN
                        Source: classification engine Classification label: mal100.rans.evad.winEXE@6/259@0/0
                        Source: C:\ProgramData\1EB6.tmp Code function: 3_2_004032E8 SetThreadPriority,GetDiskFreeSpaceW,GetDiskFreeSpaceExW,GetTempFileNameW,CreateFileW,DeviceIoControl,CreateIoCompletionPort,3_2_004032E8
                        Source: C:\Users\user\Desktop\LBB.exe File created: C:\Users\bMHeBJMks.README.txt
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4408:120:WilError_03
                        Source: C:\ProgramData\1EB6.tmp Mutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
                        Source: C:\Users\user\Desktop\LBB.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\a17c24f30f1de6ac8ace3ee49e811f24
                        Source: C:\ProgramData\1EB6.tmp File read: C:\Users\user\Desktop\desktop.ini
                        Source: C:\Users\user\Desktop\LBB.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: LBB.exe ReversingLabs: Detection: 86%
                        Source: unknown Process created: C:\Users\user\Desktop\LBB.exe "C:\Users\user\Desktop\LBB.exe"
                        Source: C:\Users\user\Desktop\LBB.exe Process created: C:\ProgramData\1EB6.tmp "C:\ProgramData\1EB6.tmp"
                        Source: C:\ProgramData\1EB6.tmp Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1EB6.tmp >> NUL
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: wtsapi32.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: rstrtmgr.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: netapi32.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: samcli.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: logoncli.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: activeds.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: adsldpc.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: wsock32.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: gpedit.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: dssec.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: dsuiext.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: dsrole.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: ntdsapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: authz.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: version.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: adsldp.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeSection loaded: textshaping.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: apphelp.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: rstrtmgr.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: ncrypt.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: ntasn1.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: windows.storage.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: wldp.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: uxtheme.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: propsys.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: profapi.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: edputil.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: urlmon.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: iertutil.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: srvcli.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: netutils.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: sspicli.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: wintypes.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: appresolver.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: slc.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: userenv.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: sppc.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\ProgramData\1EB6.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32Jump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.iniJump to behavior
                        Source: LBB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Source: LBB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: LBB.exeStatic PE information: real checksum: 0x2726e should be: 0x35553
                        Source: 1EB6.tmp.0.drStatic PE information: real checksum: 0x8fd0 should be: 0x4f26
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A544F push 0000006Ah; retf 0_2_004A54C0
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A5451 push 0000006Ah; retf 0_2_004A54C0
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A53E7 push 0000006Ah; retf 0_2_004A54C0
                        Source: 1EB6.tmp.0.drStatic PE information: section name: .text entropy: 7.985216639497568
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\ProgramData\1EB6.tmpJump to dropped file
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Videos\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Searches\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Saved Games\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Recent\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Pictures\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Pictures\Saved Pictures\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Pictures\Camera Roll\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\OneDrive\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Music\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Links\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Favorites\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Favorites\Links\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Downloads\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\VLZDGUKUTZ\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\VAMYDFPUND\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\UMMBDNEQBN\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\RAYHIWGKDI\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\ONBQCLYSPU\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\NWTVCDUMOB\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\NIKHQAIQAU\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\MXPXCVPDVN\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Documents\LTKMYBSEYZ\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\VLZDGUKUTZ\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\VAMYDFPUND\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\UMMBDNEQBN\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\RAYHIWGKDI\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\ONBQCLYSPU\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\NWTVCDUMOB\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\NIKHQAIQAU\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\MXPXCVPDVN\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Desktop\LTKMYBSEYZ\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\Contacts\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\3D Objects\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\Users\user\.ms-ad\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\$WinREAgent\bMHeBJMks.README.txtJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeFile created: C:\$WinREAgent\Scratch\bMHeBJMks.README.txtJump to behavior

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\ProgramData\1EB6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1EB6.tmp >> NUL
                        Source: C:\ProgramData\1EB6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1EB6.tmp >> NULJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004AAFF8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_004AAFF8
                        Source: C:\Users\user\Desktop\LBB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                        Source: C:\ProgramData\1EB6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
                        Source: C:\ProgramData\1EB6.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A10B0 0_2_004A10B0
                        Source: C:\ProgramData\1EB6.tmpCode function: 3_2_00401E28 3_2_00401E28
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A10B0 rdtsc 0_2_004A10B0
                        Source: C:\ProgramData\1EB6.tmp TID: 7748Thread sleep count: 106 > 30Jump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\ProgramData\1EB6.tmpFile Volume queried: C:\1BB1D848 FullSizeInformationJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A9400 FindFirstFileExW,FindClose,0_2_004A9400
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A94DC FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_004A94DC
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004B0DD4 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_004B0DD4
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A7AA0 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_004A7AA0
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004ABEB4 FindFirstFileExW,FindClose,0_2_004ABEB4
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A932C FindFirstFileExW,FindNextFileW,0_2_004A932C
                        Source: C:\ProgramData\1EB6.tmpCode function: 3_2_0040227C FindFirstFileExW,3_2_0040227C
                        Source: C:\ProgramData\1EB6.tmpCode function: 3_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,3_2_0040152C
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A92D8 GetLogicalDriveStringsW,GetDriveTypeW,0_2_004A92D8
                        Source: LBB.exe, 00000000.00000003.1710029805.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1710007240.0000000000D0B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\LBB.exeProcess information queried: ProcessInformationJump to behavior

                        Anti Debugging

                        Source: C:\Users\user\Desktop\LBB.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\ProgramData\1EB6.tmpThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A10B0 rdtsc 0_2_004A10B0
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A789C LdrLoadDll,0_2_004A789C
                        Source: C:\Users\user\Desktop\LBB.exeProcess token adjusted: DebugJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\LBB.exeMemory written: C:\ProgramData\1EB6.tmp base: 401000Jump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeProcess created: C:\ProgramData\1EB6.tmp "C:\ProgramData\1EB6.tmp"Jump to behavior
                        Source: C:\ProgramData\1EB6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1EB6.tmp >> NULJump to behavior
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004A10B0 cpuid 0_2_004A10B0
                        Source: C:\ProgramData\1EB6.tmpCode function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,3_2_00403983
                        Source: C:\Users\user\Desktop\LBB.exeCode function: 0_2_004B1F84 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtDuplicateObject,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_004B1F84
                        Source: C:\Users\user\Desktop\LBB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 112 Process Injection | 1 Masquerading | OS Credential Dumping | 311 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact
                        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Proxy | Exfiltration Over Bluetooth | Network Denial of Service
                        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
                        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 124 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Indicator Removal | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                        Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                        Source | Detection | Scanner | Label | Link
                        LBB.exe | 87% | ReversingLabs | Win32.Ransomware.Lockbit |
                        LBB.exe | 100% | Avira | BDS/ZeroAccess.Gen7 |
                        LBB.exe | 100% | Joe Sandbox ML | |

                        Source | Detection | Scanner | Label | Link
                        C:\ProgramData\1EB6.tmp | 100% | Avira | TR/Crypt.ZPACK.Gen |
                        C:\ProgramData\1EB6.tmp | 100% | Joe Sandbox ML | |
                        C:\ProgramData\1EB6.tmp | 92% | ReversingLabs | Win32.Trojan.Malgent |
                        No Antivirus matches
                        No Antivirus matches
                        Source | Detection | Scanner | Label | Link
                        No contacted domains info
                        Name | Source | Malicious | Antivirus Detection | Reputation
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit74beza5z3e3so7qmjnvlgoemscp7wtp33xo7xv7f7xtlqbkqd.onionLBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drtrue
                        • Avira URL Cloud: malware
                        unknown
                        http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit75naln4yj44rg6ez6vjmdcrt7up4kxmmmuvilcg4ak3zihxid.onionLBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drtrue
                        • Avira URL Cloud: malware
                        unknown
                        http://lockbitcuo23q7qrymbk6dsp2sadltspjvjxgcyp4elbnbr6tcnwq7qd.onionLBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000002.1747982315.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        https://www.torproject.org/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbitb42tkml3ipianjbs6e33vhcshb7oxm2stubfvdzn3y2yqgbad.onionLBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/LBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.dr, bMHeBJMks.README.txt7.0.dr, bMHeBJMks.README.txt34.0.dr, bMHeBJMks.README.txt30.0.dr, bMHeBJMks.README.txt28.0.drtrue
                        • Avira URL Cloud: malware
                        unknown
                        http://lockbit7a2g6ve7etbcy6iyizjnuleffz4szgmxaawcbfauluavi5jqd.onionLBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.dr, bMHeBJMks.README.txt17.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://lockbitaa46gwjck2xzmi2xops6x4x3aqn6ez7yntitero2k7ae6yoyd.onionLBB.exe, 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000002.1747982315.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680815927.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1680374026.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1659897261.0000000000CE1000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, LBB.exe, 00000000.00000003.1675489639.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, bMHeBJMks.README.txt24.0.dr, bMHeBJMks.README.txt29.0.dr, bMHeBJMks.README.txt9.0.dr, bMHeBJMks.README.txt5.0.dr, bMHeBJMks.README.txt10.0.dr, bMHeBJMks.README.txt18.0.dr, bMHeBJMks.README.txt26.0.dr, bMHeBJMks.README.txt21.0.dr, bMHeBJMks.README.txt20.0.dr, bMHeBJMks.README.txt12.0.dr, bMHeBJMks.README.txt0.0.drtrue
                        • Avira URL Cloud: safe
                        unknown
                        http://locNTUSER.DATkl4kulLBB.exe, 00000000.00000003.1675127376.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        No contacted IP infos
                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1473023
                        Start date and time:2024-07-14 21:55:06 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 4m 52s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:11
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:LBB.exe
                        Detection:MAL
                        Classification:mal100.rans.evad.winEXE@6/259@0/0
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 90
                        • Number of non-executed functions: 5
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, VSSVC.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size getting too big, too many NtCreateKey calls found.
                        • Report size getting too big, too many NtEnumerateKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • VT rate limit hit for: LBB.exe
                        Time | Type | Description
                        15:56:52 | API Interceptor | 102x Sleep call for process: 1EB6.tmp modified
                        No context
                        Match | Associated Sample Name / URL | Detection | Threat Name
                        C:\ProgramData\1EB6.tmp | ggjLV4w8Ya.exe | malicious | LockBit ransomware
                         | yEB1xvr2rZ.exe | malicious | LockBit ransomware
                         | 71p2xmx6rP.exe | malicious | LockBit ransomware
                         | 98ST13Qdiy.exe | malicious | LockBit ransomware
                         | c8JakemodH.exe | malicious | LockBit ransomware
                         | Document.doc.scr.exe | malicious | LockBit ransomware, TrojanRansom
                         | Rcqcps3y45.exe | malicious | LockBit ransomware
                         | LBB.exe | malicious | LockBit ransomware
                         | lockbit_unpacked.exe | malicious | LockBit ransomware
                         | maXk5kqpyK.exe | malicious | LockBit ransomware
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.590570956923321
                                            Encrypted:false
                                            SSDEEP:3:11WJvHxCGhrQo0EnCdtp38NNorhe7OCT8QkkzD0L:1cBRCTpEnQpMNN2he7OI8Qkkv0L
                                            MD5:A885BB57B6CC8593C999D382752778DE
                                            SHA1:FF52C80744443FB65D3D32168C37C8D960ACF2CA
                                            SHA-256:238C5801943842A3E92B426E9C6191124994A7892C879F66D488D0B2EAB10719
                                            SHA-512:3FA8B4CAF62ED4D3D5DCDE40FF6C42337A9A4D5C768B2636044BC0F78C41374C539F5949318D361905ADEC2745EEAC4368489F8330D5262B60A9E17D82739C60
                                            Malicious:false
                                            Reputation:low
                                            Preview:...#..d.y>..W".|.c..".UE...{.ux..Z..l.U...'8.V...h..@..wC./......7tpI.....X.....e.B`..'=..tH...V[..g.@*...q.Y..F+B.%....
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.547859522781252
                                            Encrypted:false
                                            SSDEEP:3:4NepcD3HJoxzOG5qWgl6vovW5zrl81IvZs2FdK1K5E3XkTLKvYMYI:4NEcD3GcG5qWglN+5zl7zK/60YK
                                            MD5:24AAA8662746CFC964B25B28554C6CC9
                                            SHA1:150C5133A1B257E81C34F205436A7A55529BD71C
                                            SHA-256:01CB32960DEE04C66EAE5C4C20CA7A3B86A3459C73AF4AB99FA95E4BD53D0A9C
                                            SHA-512:122901B5172A6747604C95CAAAF46C22C398355351190EDB112E27D27D21CB63B8691EA90B68B403899325A7B678C57073EFA539ECA66ADBDD2C8D288B122C74
                                            Malicious:false
                                            Preview:N<..i.......e....1.A.,..=..c8z.gs...@......#........T..:\........e.p..+.....W.....b`G-...../.....R.&......$.16....X...
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):129
                                            Entropy (8bit):6.602274639127405
                                            Encrypted:false
                                            SSDEEP:3:KSRVEtV3wqZ7PwswWdd0oR7iYoSEhBJyBg9vWv+lJn:KSRVA3w47BwWf0DYC8Bg9dT
                                            MD5:B4E4419044DE187EF64D349672042604
                                            SHA1:60BC4276A7FC8205E2EFCDF400DC04A57CDC341E
                                            SHA-256:F23635F9B15DA15F15012DDD9FEF4080458E4C200DB55BA51963DEF1898A60C9
                                            SHA-512:A5D3E299E0EF0FBADD618888FD2FDEEBF943D21D9494DF798DF64FD58BFB323C2862342618C2DFE3FD365895F08ED6400FABD0751EDE939786FC77A1E6254ECD
                                            Malicious:false
                                            Preview:...........a......0.v..v..6d..D.X"...}%...R.\.......,..=b.......,>.i..`c.~.S.X.=gN.ED...M...bB.....+A...J.._|{...r^.P...l
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: C:\$WinREAgent\Scratch\bMHeBJMks.README.txt, Author: Joe Security
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):14336
                                            Entropy (8bit):7.4998500975364095
                                            Encrypted:false
                                            SSDEEP:384:5cFP7VtpK4p+31Mzh79W5vM+ZyUgGq4BtMvAxXCRsi:A7Vf9p+qQ02y5HW6kX
                                            MD5:294E9F64CB1642DD89229FFF0592856B
                                            SHA1:97B148C27F3DA29BA7B18D6AEE8A0DB9102F47C9
                                            SHA-256:917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                                            SHA-512:B87D531890BF1577B9B4AF41DDDB2CDBBFA164CF197BD5987DF3A3075983645A3ACBA443E289B7BFD338422978A104F55298FBFE346872DE0895BDE44ADC89CF
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Avira, Detection: 100%
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 92%
                                            Joe Sandbox View:
                                            • Filename: ggjLV4w8Ya.exe, Detection: malicious, Browse
                                            • Filename: yEB1xvr2rZ.exe, Detection: malicious, Browse
                                            • Filename: 71p2xmx6rP.exe, Detection: malicious, Browse
                                            • Filename: 98ST13Qdiy.exe, Detection: malicious, Browse
                                            • Filename: c8JakemodH.exe, Detection: malicious, Browse
                                            • Filename: Document.doc.scr.exe, Detection: malicious, Browse
                                            • Filename: Rcqcps3y45.exe, Detection: malicious, Browse
                                            • Filename: LBB.exe, Detection: malicious, Browse
                                            • Filename: lockbit_unpacked.exe, Detection: malicious, Browse
                                            • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
                                            Category:dropped
                                            Size (bytes):2621494
                                            Entropy (8bit):0.20690478432956283
                                            Encrypted:false
                                            SSDEEP:12:GKm71jTv37T1BNrdVRd3fF3bdJf7vhpnzBxD1fJ/tBfJvTLtFFdF9tlFNtnvDdFH:2
                                            MD5:ACCAFD2C6A5E3AA93A37F850BE194FEF
                                            SHA1:B89571B0201E967DAA2419A3154DF453A01AF6E8
                                            SHA-256:2F103E4BAC1B2EEA59AAF6F10BFC8B56D7EB54D19EB03EA7BB257DACCAB10DCA
                                            SHA-512:1F28E234B7E91C9BDBFC3304996D52976FCCEB9F17EB4DA5492FB912B6233F357B0B8FBE404385AD5DB350070B1425889AAA0A8A983B61CC612EFF41D987DC73
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                            Category:dropped
                                            Size (bytes):15086
                                            Entropy (8bit):4.262047636092361
                                            Encrypted:false
                                            SSDEEP:192:jpBaAlHSa2vU9G/8MMBD7O1lXFMB8VMJP7:jpjmkMYD7IFMRx7
                                            MD5:88D9337C4C9CFE2D9AFF8A2C718EC76B
                                            SHA1:CE9F87183A1148816A1F777BA60A08EF5CA0D203
                                            SHA-256:95E059EF72686460884B9AEA5C292C22917F75D56FE737D43BE440F82034F438
                                            SHA-512:ABAFEA8CA4E85F47BEFB5AA3EFEE9EEE699EA87786FAFF39EE712AE498438D19A06BB31289643B620CB8203555EA4E2B546EF2F10D3F0087733BC0CEACCBEAFD
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):239
                                            Entropy (8bit):7.102402006571642
                                            Encrypted:false
                                            SSDEEP:6:iFe8M3zNfp71IIahSKlOJpuREHPP3qc+H2Bpf4C:ojM5fpp1gOnuitI2Dfn
                                            MD5:299D9BFEFCD70E539FF520ED1AED023F
                                            SHA1:DEFAB8CE3A3978739E5D892BF6F4A5264B661BB3
                                            SHA-256:CBC323294C3098E7C18C4181235DBEAA264F25AC3AA90056C84CB167BB8C93F6
                                            SHA-512:5F5B47C3907A4CD4139DA923259C8053EA3FEDA943840B877EEDA04773E45A80DA7293B1047E852B44E8E106B271402C97EB800F3C734215149996A08FADD52D
                                            Malicious:false
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.848507844479175
                                            Encrypted:false
                                            SSDEEP:24:o83M+n005R1n8kKHuH3vKUpTM+afiDXGkC+L8xNyYeDO4FsHatNL/LDfn:Fc+J5H8kUufKUpTMSD45xcmE55DDfn
                                            MD5:A21FC4DE46D76C35658374E4D87840F9
                                            SHA1:ED7D2F20127FB7424B4E91251069A9395C407044
                                            SHA-256:FE967018B3433970BA6A03CBC7114982D5FF3A715E103A60F5C04A571CA7D876
                                            SHA-512:A2CA1562E5C681FFD23823E210FDA6138280421E030B46E55C041F6527913FBFD90158BA9E23CCDBB9327276ECAB6227E51B31D80C552E817D4A580CE3B50047
                                            Malicious:false
                                            Preview:...T...Z...U.Y+%/ ...|:.>S.W..1..r.f5...m6P..[p zX..;..t....>....W....F+x.aQ.f+E.....S.............1.9J.zw..OI.T.K.3............Io.Yq.#....VO.A.o-?.YI...D.$.dQ\j.r!Q.z.\../..&>$.k.....Q..GZ..P..:..k$..b&.. .x..-..{v.Qq.[.+Q1..<....w....BAa......TM....R...H...G.I%'5?.~.{>.$\.T..1..d.y>...~9W..Ch*wG..'..d....$..\....O(z.k].e;_......I............'d*F.`u..RI.J.R."..........L...W.].U...T...q|7...^.v...f./...!.........9.Z8i.......[....wh_..$....v...-]..)J:U...WW.w_.../..0.p,fQz....a..,...xHF.Y..`.....f.+.X.}.I..7.b..g}..>w*.#>.h.V.v...MB9.......w..)"j.i...L..Mv....R.D..I.*.p4,jW.e.Ig..6. 7._H...V0........c/....E5...]...U.Z.T...J...`c<...K.h...y.+...;.........0.Z3h......W..ulS..&.....i...3\..!W'D...^R.w@...%..,.{!fNb....s.. ..aSL.GBw.Q_u...yn3%Z...!5.,f.....dw...[R:....0.?n...0.....8SK..$.*...G.A..k..,.%.$.^.2VV.hY8.E..;..id....&L..s}....f.P&|..e}.j.:..<...O.....r/3..l.\.......2C;......c....^./..z.. ....=0.[......}.\.&..1....|A....Z.:.-.p~."..,.V%A...N>.
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.836965961145116
                                            Encrypted:false
                                            SSDEEP:24:IWDs0NWkU3OZlCYL8TS9y9wxBEVyQWuAAdTzpnIdHZ7EAk+0ReTRLDfn:Iex93llLGj9wxBpuHdThcZTplDfn
                                            MD5:29E84CAA2B2B814A614D6B7433C30A5B
                                            SHA1:ED05E3D7F6AECB3B0EE328234BCF65CA787BFA64
                                            SHA-256:31FD74D59B5F58C6163CF12591EFB56B5B2EA251EDF14AABF51370078199A59C
                                            SHA-512:4B33C1F422C30452B9C1B07674C675548C5126FE233E21A50FE278FC976D239B180C0188EC20A3A42E8765047265F162411600C4B564657CBC96EBC8A0724A26
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.85141629811728
                                            Encrypted:false
                                            SSDEEP:24:ng5xEoM09L6Ov6rzl17BHfH6tyX9lSr2i/vGFqaa6KLDfn:ng0oLL6Ov6rzl19HityNlti/yqvDfn
                                            MD5:87197942734D0938FC193D16524FCE08
                                            SHA1:28899F22FD3D1A517F950C33656E3EB6FCDDE92A
                                            SHA-256:F82EBF13679C3EE6A05293D6D89A1E82B3537C630C698D576690F14F5D21029E
                                            SHA-512:992DAD83C57502B34E9311C90A6AA2DE36A9E3B2F3AC99379CB6DA9EE24A02CDF38E215F7BB5B841FE874BD70A379A260C7A69BC350F9353D234C8F836F678AC
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.813087907146401
                                            Encrypted:false
                                            SSDEEP:24:6cJobiRaGQtU6Z4ZipIGYfH8EPVJLbs1NEJDaIfLDfn:lQiRBQtU6e4dYEE9JHs1Y7jDfn
                                            MD5:AEEAD42A82C1BFDD39FE28019F887376
                                            SHA1:10ABC1DD77F9A376E6DC347D4E79EB140B1110F1
                                            SHA-256:1D245B99D49811D2080BF1CB6E47086C9270E24EA8AC03D7863C7E8A08BD5894
                                            SHA-512:3626DBB888FC56E8770FDE9778F435022DA93BA88CE1623514F2F2AD490A1B1287E4720BDB26CA96CE822C205449C4E0F0C11BE952DDCF6983E30030A43E9082
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.862456573444722
                                            Encrypted:false
                                            SSDEEP:24:10l0iDOihRYUJwUi35YKn6IE5R/dFh8zmS55nWQD55arN8LDfn:10l0iLYsm3p8Fl0tfWXNmDfn
                                            MD5:7DA4FE7EC96F238151377AAE529C00D3
                                            SHA1:79E5DC7267231C22C7C14A959B3290EC3551C783
                                            SHA-256:608996D3134634A19A455554C9AB56F4573F5A1697AD29EDA63382EC4834828A
                                            SHA-512:CD0241C44FD1AE5C76EE8ABEC7A72321C1E13749642BD473188D89E447CB979A60954F75A4F126C03B69DF51539B4EA215349415E77CB6E7A6694DF8C6C10DD3
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.843478385879841
                                            Encrypted:false
                                            SSDEEP:24:7zuj6VFkDLBVGdht0y2/tY/te0yLBLH4Bgehnu1exhUikOLQC5FC/ZuLDfn:W+6LBVGr6tYFlyL93ehnrPkOLQr/ODfn
                                            MD5:60FA8EE6AB3D0396245DCB50422BD72C
                                            SHA1:901308AA28E417CA348EDF4150894249D51A61C0
                                            SHA-256:9FD50D95B27BAE98C7E1B0A1E46C7824F15F8D64FA6F33D8DBD16436F5477F14
                                            SHA-512:0D9292B162127C8B8441AB59AE171C8D0A63DE387F86783EA0EB5E83439CD69CA5722DCC6AACCCE863D556ABB6DD33C433677BE03A5FA646F2607A68FB380C99
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.867138207167791
                                            Encrypted:false
                                            SSDEEP:24:wE3VOrbChFbeKwRCeRalRssjnpR/t/eYIyBAmQiLDfn:wElOr2hlcRDI5zpR/t/eYIzbQDfn
                                            MD5:557B4DAFAA6E3846ABA13825152C6931
                                            SHA1:6D949F4875ED4BAF0753073E55992650190B79D9
                                            SHA-256:CB75BB2BC42682E674E7668BE96C75F4D8ED5BF63D8B6B5D2D4B4DA57FF68C8D
                                            SHA-512:CF40B4233BE6ECDD3EC9295EE97D454562D4C969AE30DE8A164395C66187270E37962A8A858BF34D2A188E0ECACA039CE16DD21E07E4CB7E899905F0153E573A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.867731310288034
                                            Encrypted:false
                                            SSDEEP:24:6yRSF4W89TyNIAedcRB3fsVuvZG1t/88PEfK21ZATLDfn:6yR/x8gS3fsVcA7/rEfK21aDfn
                                            MD5:4AC84A7B8553EE888DACFE30C539731E
                                            SHA1:A5F2776F49FB0DF302DB5E92D1E771A278B52AFA
                                            SHA-256:A0296A534853C575F43207800B6A4871480AB5A2C68C8FB0E87BB0614785B127
                                            SHA-512:CBE98DEFDD43FB4B460E87FAC23A060469D09645713237299D225979CF59DD5753DF91B91AF64D0EA660DD846460256D18EEF6A45363812B241B24424543B627
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.862082950786348
                                            Encrypted:false
                                            SSDEEP:24:/9iefeokjZuNcJwlcHqNwHUpuwsJpV6URHJR7V3mg/ZeQcjLDfn:/MjOqwyKNhuwonHHh3F/hUDfn
                                            MD5:4E19570743098BA64A97D0B5BF26AAA9
                                            SHA1:8AE352962A05B6FD17B69A4FD74179E24C128720
                                            SHA-256:B841EE80EC75D71A762E05185749CD5879C30CF139F1A33CF6FC360EC65F7644
                                            SHA-512:3EE42BADCA304B3EC7B97E95B02844230C2D60B84BA0B56812BED4030D374C8171AC2C2E44BD377CA41E50918BA3C45967C7B939A25ACD9B62AF47F8624690E0
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.845040648946573
                                            Encrypted:false
                                            SSDEEP:24:pMhEHUFtEXkEr3DqlyHQ58aZ7C7NOu7r+DmR/o15hQ/FaQLDfn:pFtf+lD+x7NvnbRk5y/FaqDfn
                                            MD5:D10ED70B0F01624DDFEA4A30911BB399
                                            SHA1:3E69E81175C4B3A912C358C61FBD46AA0C2EA250
                                            SHA-256:A0660A3FE8D99E53C7BB2B5B7FEF860E47F3D043622971AA2CFF2F759B570E6A
                                            SHA-512:3F1298108FF197422929587E12A054EDD828003CB238CE7B022C17894E2F6A9C773507437C8DDA422D948D4F6076295D46EE5F2A6DD38ADE3C4D2400D8AB2101
                                            Malicious:false
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:modified
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8514544126191375
                                            Encrypted:false
                                            SSDEEP:24:5MjCmxnlOuljbzKIvcIatkBbUJJd+7OKpKEk0UVBhLwNxcAlLDfn:u+mxnHWiDCJzK45tucmDfn
                                            MD5:F3CD58533CB415FBCFB6DF1A59045EC7
                                            SHA1:5783C71746836301763CE4A59E0CE4FADB0B48C9
                                            SHA-256:FCD18D47E9C24DCAF4C3F6A8EB138C71B6770652FDFF00107C805B351838C318
                                            SHA-512:DB6C497E345C304E5E10336EED1E44403E1A973B2DB22E3AE4111EDEC288DE33E6F330CA32573C36E9C702850264C78AC12E723FBD88CF9979406C84CB206648
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.839635107322537
                                            Encrypted:false
                                            SSDEEP:24:lz/FEUV96jOiheLM33ryEbJyTtWqjGxiDaU0LjBj5zsdamXecVnF54VLLDfn:R/FEVTD7yEbmWq6x8S5zsVv54VPDfn
                                            MD5:02623C88959CA3FEA1B42C87B1AC0BC2
                                            SHA1:66EAA1C157E8EAE70DA3D2DDDE8123EE81F74D3E
                                            SHA-256:4AB212CE6154E6AD60EAC7277720633C3B7D9349472548E3CFB807A44B41FB65
                                            SHA-512:1D3ED820F5E990B81D5A227882F314DDCB521EFB57EB105DA9962016E05B31960B538B8C16748E99428166252F01339CF9E37919A2F948720B231EDF9D506522
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.827637340817401
                                            Encrypted:false
                                            SSDEEP:24:GWDdFKHMVja8o1t+35ZEd6NcCJrKA/FRwzH0yt4HwwVap3VMLDfn:GWDdAHz8ompSd6NP3LwzHTt4Hh43VWDf
                                            MD5:594DA032A2BCC48C683AD9F470D87DEB
                                            SHA1:1E6A9CA399DF62589214052E54DC0273EF69E068
                                            SHA-256:87D63A89A5A88A8B6B2A1EF4689C402ED901A039DC9AD42A5D91A90E598AE8C6
                                            SHA-512:5169F5E10BC7CD4446959CE38D0454E5CBE2D57F3B2DB179756B661460CD116E96891ECBCD2A4791B537654EA39E62912F976001A3086566704FC4DFB470166D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.852282465189993
                                            Encrypted:false
                                            SSDEEP:24:cPAzv4OcdUG6Wn9RBXtUV4TWEw46vOamdI2tAaLDfn:cPCCp9nZXmV4TWEL62HdzAoDfn
                                            MD5:1566ED820D0CCEA21FD80CC9D2F3479F
                                            SHA1:7E11649C627AAA1C0775D98603DC1CDC7C28996E
                                            SHA-256:4A14EC33327F5ADC786AA7346783B47120C1093E5509AE0567085090FD41A708
                                            SHA-512:AECAF842B37E94DA2200A7C81E8F156306EB6A6E2DD660FC0D1130A7D46552244A3490DA9C84F4DB1767B4A03F9A47C839E1532C449ABE147EFADBFC2E9A9EF1
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8292175958426204
                                            Encrypted:false
                                            SSDEEP:24:UEz5CbcZ5Jn3ZeN8rh8TWYXQMlcNYS4uiMESy/RLDfn:UeJ5mKrh0XQMe+S4Gjy/hDfn
                                            MD5:DE3990CD9B79EBF0CE9CB5AC44E2BA3E
                                            SHA1:CA36D9361585BA1F0EF74CCF6EE85A05C5FE2E53
                                            SHA-256:6BB3F849762CC0DA2D2A579E401E51F9D30B1C18AE6DE03D45CD38E346832367
                                            SHA-512:D1B03716050208241D6B6BF828191FED4399E4F6EE044CBAFB6311982D9A5CB94768D0D0C9DCD26FD2F2A770A4206F25B5E70734290E3CBD73F08AE1472ED7B9
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.804365458227505
                                            Encrypted:false
                                            SSDEEP:24:53eNQ8RA9bs9hG0pCNOHG5EMGnxQBkjaBJJWUlNpBuLLDfn:VeN0Wk4HnnxEkePYUePDfn
                                            MD5:D95072115E3970F87107C41A514CFEA6
                                            SHA1:974B5F57D031921780D46C28A38A61202EED957B
                                            SHA-256:2CC32F524DBEF855CB8782B862350C2BD5F5DFE1FAFC928AF24F9A3F9B9E62A9
                                            SHA-512:3B29F2F34679A76384EB03FF778099583A143780C900EDE7AFF88749DAA500C620AAECB54C17E9C93C2E2FB7BB74C6A933A78EDCB167FC119F3B28D7E093C3D0
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.866915796138977
                                            Encrypted:false
                                            SSDEEP:24:TEvusXaigKO6YBDbQHL/xp30BF25Nu3ZcZIeILDfn:YvxlPXYGHLP3CFqcZcu5Dfn
                                            MD5:74AF969C3158E96E007F9BF2CE758229
                                            SHA1:0976A79A4CA0FA951A6583B5912802C16ECAB3C5
                                            SHA-256:7385BAE13BFACA635D407012188CDC39D45067577E008E91D36A8DD51020875F
                                            SHA-512:3C600579AD0102E2D047F6937C6DF9FE79EDE545D5763D34C1786A71E961C61B7A4595DFE106205D02C52086C7C25EAA3ED1BB8A713CA633B118CACD8BE72997
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.849317909252231
                                            Encrypted:false
                                            SSDEEP:24:k/6GtJW5IJHH2rXkpKH3BCJ0PBDGQ4uW4GQLhoWao1BCfWqmLDfn:k/Gmn2EJmRd+AdrfqEDfn
                                            MD5:947DA3D6A6FDEE3148EEF3B8CBCCA3D9
                                            SHA1:26BCC5980BFA9BD4612AE0AE218662CD9E3A3750
                                            SHA-256:DBB3D33A42BAF938529BF09D2A7C2F501D55440E85A031595C9AB2A636637410
                                            SHA-512:633F26E24EE6AD95B92E13F90EC8100430641ED64D788588006403C97E2025775D29F21E987984BB9646BD68AD160F26D8C778A1C016C68348CFD9659D943D2C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.823683194745517
                                            Encrypted:false
                                            SSDEEP:24:H7+c75tb5ZAwexyNxVlNmvzDongoWMg/S4ThLxcrgp4LDfn:HZ7Lb5ayiDonrFg/Jh2MyDfn
                                            MD5:F420E9EC911844D30E9A69867BCF73FF
                                            SHA1:970E97891CA4137B4D5F501E4113C63C69BB605D
                                            SHA-256:9E9BD9D6809B3CFD4BCB027480FA44D4AA9D3785C5A1C810EDA768D9BE37D72E
                                            SHA-512:246589EB6773AA7DF073FC0E86B3DF262A7FFAAE315ED18610377B17C26EBE15D93383178E57BFE138348BAAF68DF39B3E5EA9B071938B38FB67273A1511FD70
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.855278891207595
                                            Encrypted:false
                                            SSDEEP:24:8lHVjpMAa/sGGf4+Fy5TrFEz6yeCFCfOV9tLDfn:OdoE4+FfeCFCfOVjDfn
                                            MD5:227B37284CF285180ADF371910B5A468
                                            SHA1:272F3D1EFB41090D654DE82F35C85925491367C7
                                            SHA-256:855404BFE93D8D6E5E62C51BCA3E5609F5349EF5B487F083366E1D366B213B9F
                                            SHA-512:81B98BB3D86DED1338402DCCB0924E8476363D1DB5D7226528CD5BFEC31B7B79C696DDEFF1B37C77E7980608CCBEDED69D8854BF5CCFEF03EB10FA334AB7E761
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.833288916211991
                                            Encrypted:false
                                            SSDEEP:24:gENkY5Oa4vfb/28TI6eSziuS/qOVVsHaWinLDfn:gkrKXTIEZaLvLDfn
                                            MD5:9E7D8859FE1592414A23ED10B36DD5CC
                                            SHA1:18DD4834AFF8788EF4EF9276052D128AE4D2BD1E
                                            SHA-256:F40885E690B84270370B6859553AC4A1D2057D645A21404A50DB41C61B55CDD2
                                            SHA-512:35AD98CD24CF899EFB9866F2AFDEED18378A9235EECCEA06B46ADC8F5830827157E95B3823DD34EB4D9C987776E737C781D49B374833203DFCBDE337994B1094
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8493595601737445
                                            Encrypted:false
                                            SSDEEP:24:d6rrWewVjAmkmNRLOC/BjiVCKNDEjWncyfr943So+pclLDfn:urWfA6PiCpGVCK2yDp439+2Dfn
                                            MD5:78746B3F0642D35028BA2F47523E3249
                                            SHA1:CE84D5762EC52F46C9AA1A4083333FA82F03EFF1
                                            SHA-256:4EAC429842FE5F281B242781ACF2B39C8543FE3E8FD139013C295C323242C888
                                            SHA-512:D26EE769BB6381DAF0B97883D51DADC8856CF18792BB69E5DDEF31BF22F1F381B0BE685BD48342552FA7F97901915FCF7982743C06B4CD3D982F5B316EC7CD5D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.836987651082244
                                            Encrypted:false
                                            SSDEEP:24:YUnQkcajhxV9p6cIBeSm9GbJoKLGIN6d+AcADwuLDfn:xQeXV9vIcSPbJoKPN6d+7AHDfn
                                            MD5:29F9C0621AE7392902BD356067C35E91
                                            SHA1:8CFDBCF386ABB5E9BBF3F32C6D6898943B2182B4
                                            SHA-256:79786A70FD984B30C827A46F394E9D9034E2CFCABC7A416A24E36DD831894A3E
                                            SHA-512:1C8095B496EF793EB8002C816451FDB62B8E69549DB00B4D863A59F7D7603859DFABDE3B41288281921CC37B60678DAF426395E2642A56BF595B60BD5A052897
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8573154242647725
                                            Encrypted:false
                                            SSDEEP:24:NCYa4pvcF/tCSA0gpbqEhW/VXj6+a0ORh8+oNTrXzXtLDfn:NRas0/k0uFhmz6+a0ORy+2rDXtDfn
                                            MD5:788D547FEBD629AAF6AB50CA3F692561
                                            SHA1:74332F0245DE208CFB668239CBC2E8E3996131D7
                                            SHA-256:E63569C5107167AD63522A1B5D1E3384C22DFA1837C028B81E7D07567136D8CC
                                            SHA-512:FF6744F5CC62D921DECF6DFA8598DDBC7D1908F45CEC5689075A0706FF6583CDE7F3B19B0FD241DB7DBFABC87E8346B510A9A777461CB92A02253F2EF6BD43F0
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.837101119041575
                                            Encrypted:false
                                            SSDEEP:24:ty3rvZnd3w/iqzK33KK0jNIdBd5E4UaeYrh2zRsE2Rba0mWPFw3Chm4gGDixLDfn:MLZT93avji4oNMc3mUDMDfn
                                            MD5:0302752222295534467EC940A3494BEB
                                            SHA1:7D69061ED3711BDF6F995CBF31E3098B692FC60F
                                            SHA-256:3B46B730F4DACD8F5E5814CED09C7CB4E0230F5CB398666012A41DCDBC1BC8D3
                                            SHA-512:334ABE53E6BBBF5B51B1406456AF83FD2950778DDA3556C76F950E6F908FF6861D37B1518E5AF21026A83204D68305D5FC99098B9341718EB6BC5AF5E399AE22
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.842417920574938
                                            Encrypted:false
                                            SSDEEP:24:XUsrwE54nmQyTsuZ83tDFWHOt0fzoW3B/mwTheaJeZHeGcQ3LDfn:3rwZnmQCsuIhW00fzoWswTheH9eI7Dfn
                                            MD5:BFC807C9C062D35E69808B3AEEB9F958
                                            SHA1:71633C99ABCE1F3D59F2C16B1392ACC9CF67F9E6
                                            SHA-256:C95B604848C97288E49DD435204E9DDD7E3B1182197A3635116F4A3C6CB94494
                                            SHA-512:989DC956ED35A19062344B5DD2E2A950CD474AAF8AA4DEC331FE12FC8C546EE40C0D6BF178D10298CF5FDC9B09528D7AD52F874FA90CB5E6C3942EFD0339CB3A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.842604171620237
                                            Encrypted:false
                                            SSDEEP:24:IrHL12lqMz2XdRBSjBbwF2Z8Pn51gvCzhIQ0eUw0m241zfv2LDfn:In12lqMzoRBYZ8PnjgvCzhILeUJmR6Df
                                            MD5:FB1F7C2664BADEB797E9ED71D63ABF20
                                            SHA1:171AA830F0AF72D14849118859D9D0D16CE67E7B
                                            SHA-256:85C3E2B7A7358473618CED41EACB045D470B5C9861EB6272B46BFBA36937B964
                                            SHA-512:176D763741FF03761797A337F44FA70D6CF2C87011FCC35A1B65A38E932F174440B36140291B92114D62F57F0EC1A694F2F87BC9004279DBCF1C5E4AA03611C9
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.84945803640057
                                            Encrypted:false
                                            SSDEEP:24:bRPJxI7KPlmEdblp+PuxwitpBCfoh7c98VDZcYaFSBwhvP01fp+lfJoVLDfn:bRPJfPlXxdGitnCUdmM+M2fmVDfn
                                            MD5:815ADFA748CAB1553D57C2C64782F5D9
                                            SHA1:68CE85D473A485CE97B13DC4F7ED000D85184B76
                                            SHA-256:B927DF627361402E22B3E832EDB967241B7475847005626037CB6DF411C0CB26
                                            SHA-512:864F0A3CD633434916AA62B3BD5D402373BB9244464AD3D3DB5BCA52427F9D47444A2E2A90C9B7E78CF1E414BDEF1A2C28BD77288FFD2E639A6C8941BE0802FE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.810062517447478
                                            Encrypted:false
                                            SSDEEP:24:Km19G6ywQGk22JUT2W0W/fAkC1rWtRpKQUrV4ZMTWctLRaPzRMLLDfn:9U1UkzUaWRPxtSfrzMz4Dfn
                                            MD5:E3C8A9F116F89B5862D3C311040CEC26
                                            SHA1:E0CB1CDE161F08FE9A48646F41667DF48794691F
                                            SHA-256:7BA6E4124D23F48F4EDB9B321ACE62A9023716E5E3E94B6F92443340432B58C2
                                            SHA-512:1F866973838304BE6ADD7B1351FA1FCC77444825CADC41D073257CEF8A5813550894B892724B87AC1AFDC410BB4729046428EF8BA5499F0EBCA00737A5D2A3CF
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.842053748668776
                                            Encrypted:false
                                            SSDEEP:24:Pw4rbWPpq9VvcfJIbqX86mSmKML8rwswfRqZfCGCXTejlXpUXStLDfn:IUbh96IQm8E80swYYe56itDfn
                                            MD5:5584A37C5D7C267650FC7EA545F1B272
                                            SHA1:153EEBFD4939F2CB99978729ED32B54BC95CA6A7
                                            SHA-256:D5854142DFAE3F252720909D580755098ECF5A2DACEB6B2290C0668402769E12
                                            SHA-512:4734B47617AF664418CF5E79CDD750267D1E11C26D011188B64C381208EBD09BFFAD0493081C86950AFAF50640AF18027EB89AEE651128D8A72376704C131C45
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:PDP-11 UNIX/RT ldp
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.83108811833729
                                            Encrypted:false
                                            SSDEEP:24:JHfVqd5a0DeP30UstzhtiaJhmwxaTI0tXfNHJknA9Cq/LDfn:JH9qdo0DeMUs9htiaDmp0QXfMnA9CqDj
                                            MD5:F72973640F8FFCCADE7DD56C5D1F40D3
                                            SHA1:E0D3674F602D5D01364DE7DE334098D3C6B32A10
                                            SHA-256:BF5D7319944C73DE0BAB282ACA2226D687EF28D259F94A0BB5A0765242E6BE7B
                                            SHA-512:5BB7A50B51FA7DC3FAA78BFEE414410F78952AE4E25D5E05E749905BC01CEB18E54051F9B8830384D966F53F58C42D34260678EFBEE79611EED361D2669BF817
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.849554018654934
                                            Encrypted:false
                                            SSDEEP:24:xp23ZJSByEN0l5vJboBYsfUxtxL6rbQU+ceVD5BTxaClES9Ddy5yLDfn:e3ZJ+xilRJMuLxtxGyVDLxaip9DdfDfn
                                            MD5:891210B3C70DCB3AD8DB352A2C9C90D9
                                            SHA1:1844BADBAF56F1778506A15EFECB78CC00E6129E
                                            SHA-256:067CE9470E7C9833400DE53C740ACE6DDB1AF692B2D2AFF032EB5DDABA3D3296
                                            SHA-512:6CFBD944ED1DC54CA340306041C0F1B06AEF0843064F48BADABC38EA2192AC25E5C7D511F665CB423AA9FA43E3F0100F25A7652A9EE27CCDB0FF7CB6BFB9E788
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.855948196511989
                                            Encrypted:false
                                            SSDEEP:24:ygGgo/e7esi66H0qqJTnbhUZ74zPCGvNj3RAz7k9kUYFEuz0cfvkN+WBNBLDfn:y7GP6HQtG8z1vNdAa5W47pBNxDfn
                                            MD5:0CB3D8F484A05F19B052671A2D38FC61
                                            SHA1:D12039EF3DE0FCDBBD0F41D6CF3C367533F71576
                                            SHA-256:54C3852110FC723EDC570F78FE60B0DF4ECDE8C60A161B9EEBC4CABA1BC96B15
                                            SHA-512:F22AA06683C7EA63D8A0D0CDA3C3C261A392CF9ECF54CE8B0051AAC2697DFCC93924AD1127E76FBB3DD78928B895D744E6A227225C891E5610C9E5D81F0BC9D4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8364045396111575
                                            Encrypted:false
                                            SSDEEP:24:YeMpv/R0Ld0ypivafYDY5EfBRYDVWN5869yKmmbPRiZK489w6iYkumLDfn:YfY69aQbb8WN5LnwZKLiYkuEDfn
                                            MD5:D78FFD1D3594A3CE9319C94D314509CC
                                            SHA1:CC32B6F09DE48A5281B9799206ABC847EB0DFEE0
                                            SHA-256:CDE8B3C7008411944694B9F57736561323B668C5D346B16F47C6A364BA294A1D
                                            SHA-512:D3F8C03C2D265A5059A3722FB513D6AF6D7EBCFC4DE2ACD3196A36121AC43BBFB53AA3215E458AF8A0B409B6605C42DAF0768EB1DA8CAB694E35C0DF8C2F5B3A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\ProgramData\1EB6.tmp
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):160256
                                            Entropy (8bit):7.996999411243583
                                            Encrypted:true
                                            SSDEEP:3072:RHvApgOkCblD1C3f9UbNxaHvApgOkCblD1C3f9UbNxaHvApJ:RHvWZnDof9UZxaHvWZnDof9UZxaHvWJ
                                            MD5:1E0C40FA27612DA8E93B4EDA6833BA30
                                            SHA1:F95B4A13B75C6896B75E52F66977DF735E136AD4
                                            SHA-256:AE2E171FB045078765139A89FE8C538F1867304C8F7BC9FDC6D874E5AD65FB76
                                            SHA-512:24D33781FFBF885479AFA16547566169C1C3DCC1B1763FB26729D6C8DECB117471697237E91D91BA3AD0D0BEF5C8B8FD863BB1BF74DEA5AC24DA53C1853C374F
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.846018585245101
                                            Encrypted:false
                                            SSDEEP:24:/d5llJnkBfxwR8gqcsquvqetP4/hQEwvc2eDLVqIzZb60BcU5YhLLDfn:FnfkB5wSzpqetg5JwvGWThPDfn
                                            MD5:896CEF23F95DEA06D63E7A5004130A60
                                            SHA1:E5A34575CB10C2464B59BD2ADF7862E4A0532473
                                            SHA-256:B1C47AE821DFE16B3A6BE94E0F0ED34069C8E0F1908E1EB26309802FA8E6C5EC
                                            SHA-512:5DF29FB88E60275999DA5843E0E1B0A5BBE5FE4A6B75418F47EFA8CD86DA1A2BFD4DE66B2EEFA607250742BAAA8F83A59C9B3CE8590182B12705FA405AAAF2A2
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8586576545843485
                                            Encrypted:false
                                            SSDEEP:24:Qih66MDvsNse7BOchb6ZZM7198C4VvUOEwQ5L6dMeE9wHjLDfn:QuTssNf7/YZZ9C4JdEh5WHDfn
                                            MD5:FACA528830BA887C7C50A1954A67F045
                                            SHA1:57B7980652BB5F5F6ECD740F479F135F56E16ABE
                                            SHA-256:B7B500E07011C5F30607F76084B04EC1647C051326B5121372F7933B7211D336
                                            SHA-512:6FF56C2EB4A876539D09E6609FC3B39627FD0744EE4F58144CFAEAE8033615DF1BF578382FFE3CC3BD8D96DF812A92D918213F75162A279B5BAEC6BF7E3763F2
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.833705042426588
                                            Encrypted:false
                                            SSDEEP:24:yCWxqXkxh5llDflokUvxM9btke+GvUOOv+MsHaU88LDfn:b/UxF9feB2Fvkv/rmDfn
                                            MD5:A4C97F13D323DA4E3C6C41E6F34336F7
                                            SHA1:3FB828FEBF6D3DA1B28D64EBA1F0100295EA7B50
                                            SHA-256:41D30D8B1225E1E24F236828C4DDFB46E8C15F495D5B99F1AE9F9010AFEB99FC
                                            SHA-512:F1C7582C603C74DC8E2227C2720B4415094988DD210773670A3ECE25808BD5A7E6606C4D2FF96DFBF0C03A3D8302C76F7346CFCF34712489BE3C7ACD6A4DC4B8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.864751809530509
                                            Encrypted:false
                                            SSDEEP:24:WqXNHaTykTM1gpR6NaNrSPIzxlwrtIy5bREKHMYgsE1rEflx0xLDfn:1XNclAOuCrlxSrt3MY41gflSDfn
                                            MD5:8535BDC53F7AD97B1EC4F65B0203E1EB
                                            SHA1:7C1A68F6D79722CE8106CE758D7DD94E6D394C18
                                            SHA-256:7957B1678C16206D74A2E8E577EADB8A92A003F4189E5C7DEC43CAEB262557F7
                                            SHA-512:1338B4778FFBEBEBC0946B25F7CAD05CA76D53AD2FD7119B013180EF9FBDF8FB2A8DA11491A446DF25AFDBBE44E8F94813DA759FE79300E4FF8B60569BDD0AE1
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:OpenPGP Secret Key
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.833571364972196
                                            Encrypted:false
                                            SSDEEP:24:jrOvyq4lTpA8DghK9eCTPVhr1B3YbhmVxYxi/4au6f/LDfn:jAL+pz8helnPobclfDDfn
                                            MD5:032912F9DC1FF9AF08DC883EA622A671
                                            SHA1:0CA65D4898E277E195736A256A87F5D93CCC4F7D
                                            SHA-256:9060579B2624C3068D0C0FF024A54AFA519B431919410EAEEF87793C479D575E
                                            SHA-512:2580675D784468D783AD6B3B3E99525A4CD17FB0D6CEE8FB466D94978C09D247A7C8769E57895FC45D2CFADC3BB230ECF52039314E59B062BC460781E5E2AFB5
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.832635382330272
                                            Encrypted:false
                                            SSDEEP:24:kmoZk6HVjiKpsSfor8y76k1pdJMFiowRCOufWsu/wj6uyHIqTaxDdxh5LDfn:kf/jX2z76k1pd6iBAGsu/wGu5HDdlDfn
                                            MD5:6A8BD8C527CB3822930F7FFBAF8ADF9B
                                            SHA1:FC2100A8C06E0AE5D2F7A5B8F3073DBAB2B9213B
                                            SHA-256:DECC42FC9AC049EFD60B90B77AE6814DDF3A066DF2A16D1309D07E289A5C339F
                                            SHA-512:62E5194829BDF5A37DE6A0BFD20F5A7842C7BABEA56AF0F3DF98BCA594B499B1CE5CC8D4E4C24A833ADD35A243FABEAD25A43B03461F3E7776805522CDB58298
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.849508820980511
                                            Encrypted:false
                                            SSDEEP:24:wHZlJaCPMHIzlRQGrZqIUNKVne5rpKq5KC2VSmqHLrLDfn:ESIbq4e59KeKCec7Dfn
                                            MD5:988D08E15F6B17A900623C2884090FBE
                                            SHA1:791F0839A43494D981610D2C3E15CD2A9EA9D3EF
                                            SHA-256:BC9F3307ED3299D875364D5A40B274E83DEAD50B26E9231B6FE8E6F425D84715
                                            SHA-512:643BDB8F90BD52DD087B6691D965F20743FAE0160ECECB6F26E154AC7842B2B7335CF706B914EF69D00FC72175FA6CA8276BEA8BB251ACD5A89BC0C6F83CA6C3
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.824019511374501
                                            Encrypted:false
                                            SSDEEP:24:FnNjzFwvaRU+fP3aUTS8+u42WNeCL99swnhLHDlrFdM5ZlMc6Gb6LcVsncLDfn:Xte+fP3aUTS7HrtLf51lrzM5t6GbkNGj
                                            MD5:EABFEA3635CC133A33EE4A624E86AFEA
                                            SHA1:42429D2695A4591A91735A7968EA8F6C9BD6B3D4
                                            SHA-256:C0E2EE98F312A6F10D653F79052E8856CAE0A86E1D7D53EF062757A28E43D95D
                                            SHA-512:09406E2D8FFAA7239C6059F9FF40DE55C130840025272643172615F459F227954BB56FEADA60BA82BBC96CD768E58AA72BD6FC8CE6E169FF42B3A8FDBD64655D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8376043964764355
                                            Encrypted:false
                                            SSDEEP:24:ALOpsQ+ZD9mBd1ZqOckdNFGJW2ZqC6MWDmxgdIJ1SNjLDfn:NKXZDMBd1kOcOAlZq+WKgdITSNHDfn
                                            MD5:081B5402CC2E64C879755974D48E9418
                                            SHA1:D991E6217D60C1C2F488E61C4C17871A53948869
                                            SHA-256:2A95CB1059D656D3444DF0E9446BB89302889BBD06ACA2C38FCF4AD4D00D8055
                                            SHA-512:5DDCE15B466D84A6B8B57F72AA82BD1E58275864C9E4D7C9E9C8016FCD99FF96004639C8F7171E18CF206DDD5E2EB88E7891B43A70FD372BCD362DE85AB5863D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.831809123608353
                                            Encrypted:false
                                            SSDEEP:24:4ASO2sdmMhm7TXHXm1Art0UQn2izx4msXNCz/h8Ul9EqHUXrtLDfn:4LsIz761WU2esCzGoOqitDfn
                                            MD5:0669D54641DD7B80FF451D710FFEC2F4
                                            SHA1:C79E23EEC1511C325B26F70DBAB97F1D33D2097A
                                            SHA-256:524272EB8C2FAD6F671301063F1139F6DE76B8CE868B168B190F7F8F74FA6D3F
                                            SHA-512:3F4C51633E2C4CF2C3FCDBD7B82D1F4C751CE04FD69AE5F6C0303D4C3F2EE01DDE14AE7D78EC131080639F523FB628E9ACF5FCB1AAC6CCBD4AEBBA5349479359
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.806385946095185
                                            Encrypted:false
                                            SSDEEP:24:whlK7mrf0HGIOz8xGk/33h7lUwXGKs+qcEmvkWkZ4JWN6VLDfn:wl6mrf0mKxGkPs4w+qc6eWN6VDfn
                                            MD5:50EAA4F2D85290865E44F7C987C92FB7
                                            SHA1:294C7F99490D3E21F33F233906C758979E872582
                                            SHA-256:C7296AB24C22367B288A6F04F98086C37FCA931DE755CE47C551F5E312C65D45
                                            SHA-512:DD4FE1472D7333A0A8C8043A39EEEC61E80A35DF2B81088A11A9AD0A552E421C1660F173476EE118C3E63478B128CDC37E1759F81557F403A31EA080EE71860F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.836636151328735
                                            Encrypted:false
                                            SSDEEP:24:aQDf0pOuYlqAN49MW7OOT0YB8rLTX9gzM7lRDIBvaPPh9WYLDfn:ymBN49GC0YB8bXizM7lR8JaR9bDfn
                                            MD5:0E9E5A0AD8210E684795747660714B1F
                                            SHA1:4E7972006833E963915181B7CF19E355AFCEE43F
                                            SHA-256:97B79CB7D4362DAF153C40EC37AD908F0D95FE81A4632C6676F69CEB83CD3A7E
                                            SHA-512:A0556BDC882298DBA8901987DAE18BFD899A304DBD65F17007C383CD6443CB2A89958A4E6EE3EA2D22B9C63D1F7892A88F9B8708A3FD8F62E319B42FEA7B012F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:true
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.855884832416977
                                            Encrypted:false
                                            SSDEEP:24:fu4Ofto04mkmEESo57vjXxdUoBEn1knozmld/MP3f5v7QLDfn:G4S3kmEEb5BdUoBZFd/MP3f52Dfn
                                            MD5:704A6E43A8EDF2CF25403CD3C65D7AE1
                                            SHA1:1EAABDD517C7F207A145DABBE7A0D886C2A8769B
                                            SHA-256:094D370FD28A6A62D655F61777ABC240C177E869441A073AC1ACC677A309C6D4
                                            SHA-512:54A1F33BCDBB6BDB6041949E68E737A848E9C3746CCC816C86D375382133301B1111A310517EF3D482B1319E7AA93CEC40F643C7CEF22956D1111E17A8F67161
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.859876422313132
                                            Encrypted:false
                                            SSDEEP:24:6Gke5WXOseWHxsnlJcOvOpFMcJtWnpsXwTdcoPuv4/8s8zvQ3FHQBUBLLDfn:6GkHRclJP00npIGdchDvQVRBPDfn
                                            MD5:4280BCC8D5D8917E953E15F06C19922E
                                            SHA1:E974311C8414D13C51FD5EBEC428BD4E4A49B3AD
                                            SHA-256:17F38013AC5C9B00BE3BBC775316CFD2B7524679855D8A926D4F0EA501B30E31
                                            SHA-512:FAF0A8226FAF78F4F22B74756849C078FDAEF55247608C3D89A46FEA9F42D63D94FE05DD68189440684BF86BD471551268DA5CA1FDBF7A1956F3B8CA9BC4F52F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.83180345219236
                                            Encrypted:false
                                            SSDEEP:24:Ft7F5sXXZh9LPJiKjsxZrOccGIJQWJvjAD1eknlyGnar+ZadLDfn:FaXnJJ7s9YJQCjAD1BqbDfn
                                            MD5:7AADBB0471C6A0D21BC480A24B8AD610
                                            SHA1:AFFC5CD62FAE0DD7CAD80F219A292DA54807B34C
                                            SHA-256:E1ED3D00B8AC008830615121190E4C5619D5614B40E7DF279A38331839FDCBFC
                                            SHA-512:BFCA490146E3764546EC2FC06876F030A12DC5FECBC23D1B15CF4A43C05067CE99BA10049D5E07C46D6233A962C7F085E5BB24F4F9FBAFEF67E2DB488C6EEB27
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.829296200591186
                                            Encrypted:false
                                            SSDEEP:24:ajdtbABESdaIgYExukcVy+tDXws5hZvcOdpoLDfn:azbABEkbVwukcpRlCDfn
                                            MD5:99D20DD92C4FA49E9AF2862FB995FEF6
                                            SHA1:2A21B7838BDD3CBE1D9434774179F84F1038131E
                                            SHA-256:E075314ABD1A5E815D741E898FB4C43C4FE11D33873D17B7D6FD00B41DDF5D0F
                                            SHA-512:32450D77124FA758029D96970504F9A5FEE555A3BDAA74A3FD21D54A05522C77A2AF101F19AFF3017097B5828718511DFF34262B931E745249CF689FFD5D7219
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.863859898197547
                                            Encrypted:false
                                            SSDEEP:24:T1RopwKlaJkoTxVtAotzStv6dbA52zQuSxjAQuV5vLYdkZQWEafJuALDfn:TwwKl0kibdE6dtEuSxV6d5QvafJ7Dfn
                                            MD5:6A4DE26F124A12F4D02C4DD4904EA690
                                            SHA1:F8C62F9255A76FD2F3463F25F5C378CC4E961145
                                            SHA-256:9EDF093509F3099CF234BECD5D0B575CA827B54E3B5DE22565608E3AC4D28BDA
                                            SHA-512:E56381A85CAC173E98FAB22473BE94155379D3A9AA73ECC36AF85FD23520FBC6A69DC1419FA74AD763ED298A1C479835670D441E959FB568A5C259A485E66E16
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.8275923674579175
                                            Encrypted:false
                                            SSDEEP:24:fN7JxUyJoUZuUN41x/xsyPRljCXcwonC8aIIcWgJjn5R3cqw7LLDfn:hJPoIuFpsuCcBuIIcpj55w7PDfn
                                            MD5:17BD8450C6E2D2D956189F1C26771764
                                            SHA1:F2A15751DFD36FC5F758CC6E30A2B3C66E784439
                                            SHA-256:F0437D43A55A43CDC15A9CB8BC8C7D0B6324AD06C15ABB55942143D06A8C1A82
                                            SHA-512:B1F233C1EDD165BB7571706AB87909C64B02DBAF1B6E51F1AEF96F66467A04DAA9DA5D2572A13972EB0E2C182369A00531D0D6D86B2A87AEA6B85878253E0737
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.873992458796319
                                            Encrypted:false
                                            SSDEEP:24:oW4+kn+0uUVNoev3i+8A9tVPZlofFMsOWfeUlcBGw7MlLDfn:8B+0uUHDVPZi9fvCGw78Dfn
                                            MD5:BDB92ECAADD44C087DD38279C4301818
                                            SHA1:149C9C496998C42D99BC08441C8A7D221607111F
                                            SHA-256:079BB318B759E385A4681C10C65B77B463355FF0C8BF62A824BEF15566E54EC0
                                            SHA-512:99E7EA8048E9151DCA6DC5232A2FD34ED3D23390B5E3E3779504A06876D1979427652765B3F58A2980D32BB0FCBE1EFE2F56228D6FC90E68AE5C566B5F5D47F6
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.8358927802551985
                                            Encrypted:false
                                            SSDEEP:24:t6R8ZLfsiWKbTPe4tYBNtZk4k7xpzOGy7RLnfK/zLDfn:tW8Jfs9sepPkHOGyoDfn
                                            MD5:B405BAD43B51CC17779BDA006E658090
                                            SHA1:F5B6CF41ED344BFB1A00B26F3101700EB4C13C56
                                            SHA-256:0F5DAB9CD754D22C710E91073314D5C96544A35D3FF4790FE278B16653062101
                                            SHA-512:F0D922446795ED4B6CCE3EBDCCCD72ADF72B22D09A11DC7A50BA3C00633FDD02D54A6257EBA1B0D4E07F62D7F831A872A88212391E6EFC6AA0BAACE800BEACC8
                                            Malicious:false
                                            Preview:)..3_...dF...x!...O...dbr......._..,...h...[...r...".a....i.1.($?3Y....=>....D.p].y.c..j;3Po.x....3..9.<.|.<.._.....*XJ..-.*..V>.0......dm...Ug.....YyP.&*z.1(!c.ic. .$. ........6j...x...>..w.\w.............+-\#a.x.n/.U....s.V..T.....?......K.s...K6..'W....F....+...I...lah.......I..<..t...X...b...).f.....~.2.=791G....%/....K.iG.h.c..t )Yj.h....$..;.;.y.4..Q.....)^_..,.,.@.b...Fhu.Q.\5.w.....Pe..xr........0.._<._HU.....&v.?g.&..zn_.......H...)..V..X..o~.UK..g... .9j.H..W4$..Q3.g...F....4PE.....T.....q.5.m=1..U..].|.9.......y..N..j.~.....8o5M.q.x.MF.u.......$}..*..nG..c.4.((..O..jO.%...y?.k.fI.h.!....t.........,..G.e...S{s.C.C2.v.....Ef..og......+..A7.DG[.....7j.3r.<..azW.......Z...;..L..I..pc.M^..t....&./c.^..C.$.^=.s...R...'_M.....O.Tz.+F......6s.H}o.k.@...o....4....D..#.}.y......zQ.:.O.o]..p.3%.2n..i.%..=...'.{{aL.b.......K.4........J..jwS.Wdv]....i.......[2=.../V+.0Ca.bSe!.0.F^.>K.D.$....)B......5...~........B.1>b.56.S...C...C..H...T...j.
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:true
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.847780774368665
                                            Encrypted:false
                                            SSDEEP:24:YRrtPRB5rw3SKSkfaUr9de/J0vS9uak0cwFguHzLDfn:mtRB5E2QOJ09/ALDfn
                                            MD5:7C7DFE1794A4A4590DF042C56AFA4C1B
                                            SHA1:436924E465D137D33A3EC16C471F34A3089256DB
                                            SHA-256:17FA661CAE389C8993DE0724163AE62D1F630B9A960B9D3FC1069EDEBECBBFF4
                                            SHA-512:0423A700B4CB8DFB5F38D0D87C3F74372B60AEE6FB60E8BF3990FE4122F5E535BF18CBBDC64315CE52B9571461BDA159C0B4C9DB47FF356518BC823325E9F7EB
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.861507917293022
                                            Encrypted:false
                                            SSDEEP:24:nRQ/D0kLNrlLUHSQYsBUJeGvyC2EARnfhR3v9qit6LDfn:nC57L7sBUJeG92lRfhR3v7tIDfn
                                            MD5:2B3D6AD16710F1308CAF2428070BA384
                                            SHA1:9AC9421F8CB6C7F43C34A3553944672F57D5674B
                                            SHA-256:0F948A482A786E1839B56DB82CA845E159A8DB029AFEF487F463842C90AC21C2
                                            SHA-512:3C4108207F294CED796387E2F31BC477C67216270F752437D89D388A4D622EAB3442BC13C12FF2CEF3D7011141B2CB38BBDD5CD782CDCA31034CB6D02860946B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.83419842114512
                                            Encrypted:false
                                            SSDEEP:24:i0l8xJpotk7MsFCSTpAfLh75SI7N+fp2NHIh1qkWdTg0q+OtPsHa0CLDfn:i0MJocMsjtAzh7B7NuwNHQSdxgtPtDfn
                                            MD5:EEDAD6CBB8306369F6DD146145274C02
                                            SHA1:C237E90134989C237860AED36B26AACDF0DB7851
                                            SHA-256:2898A7D931B12B0E6A6157697C359FE7D34C5474F549F48043E08FF2FF38003E
                                            SHA-512:4B91821908489597D79BC4B74D48115C1AD7BF2035CCAF8EA50E2AF9F383C5C0EDE621BAEEF8CFAF01A439E55F512C712A46B4CED27732B995BC6E3A1344BF29
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.8285319943637806
                                            Encrypted:false
                                            SSDEEP:24:7J446Xl37YrekakEvAkzDULGUBPSmltCb/CF7WimQC+bGzKZKmRKTMbss6QAaLDf:yBXlsrekavvBDmPfQCFSin7GWIm5FPHj
                                            MD5:3FAFC000101A1095F54F557FD6A9DAAA
                                            SHA1:43AD7F8C488A46F163E81D062337409FA76BF221
                                            SHA-256:3AFA43FE52943C3F672AE5AED5F8027994A36A46B7CC02103F11513930E577FD
                                            SHA-512:3D76C2701708C9B1D9D99C35A071F20397E0B721A3DF552DB97BB150381D78652DFD385346BFBD464E13427FEED2FE2AD8DBE95D52C6DCCFF2A90030295F4097
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.849559850460525
                                            Encrypted:false
                                            SSDEEP:24:I8uvG3Wn+rMwO0ngsYX0D/Y1jbfT2uWPZtc7hDtTsGWGQo8vLDfn:I8umKSuegOs1LJWhaFpzWGoTDfn
                                            MD5:6C4A52A80E78248BC94AC9D7D75BB98E
                                            SHA1:6801E65AE90CB0F5FD6DBA1D726F2AD4CB3C6651
                                            SHA-256:C7525BECB57C156E3C80BA0566A3E22CD3E2FE182FD92E5FDE9CB7E16D2CAC72
                                            SHA-512:084029B1A69B50201F13AF978A49596012805FF619099B910F2BBC84B43ED6DD77CE1033C79898AED892FBA7A323501094D8246D9A3875B717CA2359B9EBA594
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:iAPX 286 executable large model (COFF)
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.865804473625403
                                            Encrypted:false
                                            SSDEEP:24:jlxLMA4gKMW7pfgwx9cJJhlCjT9g/FmqFe4ZQMlVEgaOdFLDfn:xxoA1guwYJh0j5+mqEEQM7EkDfn
                                            MD5:E2550DF1E44B1E33CBB94B5C299EA451
                                            SHA1:499D8635D4914A7C05D73B99D2BDB516FF694676
                                            SHA-256:8B763698914EF73B2F1640330F55975041D8C83D42DF180F849E19F3C6555E69
                                            SHA-512:ABB28C59BEFF6936B0CC8D92574B07ED358EFE298EB9025D4DC9F257A6AB5F46989CA76874190612BE579108AE8E4D0549F838ECC14F70415FB76B685BF5C068
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.85892698909094
                                            Encrypted:false
                                            SSDEEP:24:eKiMLde8CmeRUhp8XIwBHxnTFiag2wdA/TgCgTWtLDfn:sMLuRVICRZifxA/KoDfn
                                            MD5:61DA768442E32CF701F34D54C9544CAE
                                            SHA1:57E2D437B5ADD18360B21E4118C688DD25116DEC
                                            SHA-256:2C8DB1602839657696B3ABA4B62DD833831601D810DD57487B8B97190FF64958
                                            SHA-512:10852A2692DB5CA4802816D938D8A0EB29B0CAFE336401D90AFC1E09B6AE9163FDF109393567CF1B183A268711E237379A178E46CBA1805476E5D14FB699D472
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.857859135485988
                                            Encrypted:false
                                            SSDEEP:24:qzNy4W0WCM0Qv+c1rK+1LzkXgoozUWMDr/uw97/eRcrbI/LDfn:qpy4W9CMptZLGgooz1M/S2IDDfn
                                            MD5:E6C7BE834201FF032478D727C58ACA89
                                            SHA1:8E1DB02D30DE513AD6006C81F7E79F7AD37B068C
                                            SHA-256:99A398C3B496D7514A1737AC76474057C28540B29E894E7BFED662DE19F7FAE8
                                            SHA-512:A784A6C75B6A911C960DFFF4774D0945484C8024BA1E413FEE5196C14664A243654CEFE65F0C95D02F3CDD7A1664F4B44DD801D6916FF90B8C3CA2F457600BDD
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.833384785241795
                                            Encrypted:false
                                            SSDEEP:24:lcjewdnm4GQzcACafM8ZgrZn0Xcn9Xu378b2BTofv2osInJLDfn:q1eljafM0grB0Xr378k+Dfn
                                            MD5:87BD8A038AB7C5D454D6FD8FDF8FF493
                                            SHA1:30CB80A799D14AB8FDD22BFD3155077DCFAD5B72
                                            SHA-256:4FFBA9F8DB5B4FA514DA566B5DE3109D4569ACA042C18E21F92849E9B8D44237
                                            SHA-512:2264B4C327821AA06CC2DB9846CBF114E648849580CB7313A711C3692A900FBA387FA46D0CA3662307356DD7CDADBCD0FA0DD14C90533D87A5C0EA13703F219D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.851355010998718
                                            Encrypted:false
                                            SSDEEP:24:Wq8sVe2Ie5FOGqe11y/XWD+LsQlal6uNECt5J5n3K9auoHfALDfn:WqJVeheHO7eS/XO8sQlnuuCtv5n3K9aa
                                            MD5:669AA9F745261B3B78717FC32989E077
                                            SHA1:202D891FE955FAE9D48C06F8D5638FAE405C99ED
                                            SHA-256:D13DD0D5827847E850A94CF4A427B78B302CD92B974BEC89639C82F228ACC315
                                            SHA-512:41E0568EBD2531497F92D299EFBEABF3E9167458271CADE791F81B8EB2EF9189A9E283647D944CF01069BB56076293819522E24532CB7F279A0106172FC78272
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.836754138147419
                                            Encrypted:false
                                            SSDEEP:24:mIDnljd/JLq54Pryxm5LZ69rYT6k5UjYCoUqvQ9qazRaT4CLDfn:mIDljbLBrywkYRUEzvQ9U4wDfn
                                            MD5:BBDB2CF97446A7D2D68A06CED656AF51
                                            SHA1:E2B8A6A7832E4B18ED3285BA5D608349559264A6
                                            SHA-256:1D807DB87D5AB2292331ADAB3B81088364BD052B1332A117F7902FCC53219628
                                            SHA-512:EB4673F3C978641DFB8B5E435CA521A5E461D29C213408FACAC0620970ACBF503389C15847294B37531AE4A1039FAF194FA76712D63B0920F1AE1FA6532CEE06
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.837420832454955
                                            Encrypted:false
                                            SSDEEP:24:cof0pQEKX332gdDntSd8LAoGHOoXmwoSFYmCoZXQ8T/AzHRLDfn:coGBa32gdRp6Oa3FMoNPTuhDfn
                                            MD5:8C8F0D232FB6FAC602CBE0827B2779F0
                                            SHA1:8C9DEF00110616437B4869CCEECD057C0626F826
                                            SHA-256:796BB07EED6466CEA23D6554A4616808A6F5FBDA94EB3D25013663CD1E74697B
                                            SHA-512:707C21694110B68AAB9410CC519A99B3EA2DAAF9E10F8F39338849F6040E5D5AAF97A3A0B7A884FC75352CB1D8A86889D644C55497A08AD5BE983DB734E0A794
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.857557081755901
                                            Encrypted:false
                                            SSDEEP:24:c5g0vA+jc1eckPxryKe2NqW6mt5z35sfjPBx5znJIkRPwKnWVt27FoRILDfn:c+0Ipetx2KeCqWZkPbdnSKnicFosDfn
                                            MD5:96DCDFBCBFA95A7D2338B20CF86D89D5
                                            SHA1:ED9D95BC130096A67BBE7BC8E80ECF196473D372
                                            SHA-256:AAE86D035E280C87766A51D631658CDBEA10A6F26F3A49221A75B07859FA8253
                                            SHA-512:1AAA003665A01D92493885D4998B4BD3C64CAAA7A793ED66404BCD5C5F9E4CFA8FE4D76DC4921F6C19349DF9C4BDC01435340C7F16C7855C320D758C9B2F6F5A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.830624102706302
                                            Encrypted:false
                                            SSDEEP:24:1iA2CbAErT+v56beO+hRw1dLy3XWWhwOvr6p4s1O4TACVo2/urXLDfn:1ivET+IaOqq2hjr6p5nTo1Dfn
                                            MD5:B309836ED04192839AF8CB210E951485
                                            SHA1:27BEF3FCDDDBE95B877A0D1B2BD50B9C88228985
                                            SHA-256:6B6C1711D04ED80C8866376B6DAB5A43F0CBA814A603C0267744107DDBE19C2A
                                            SHA-512:7AA9EE72145F7B39AC928EE9C17633C0A0A97650808BB3FC531815A80C84794C85CE593A643D289F20DD09EF734F026E184E665700DBB34A88AD66CBFCAA8BA8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.850520223145692
                                            Encrypted:false
                                            SSDEEP:24:7HG+K4zTCI9EGpxsHxiVUtfq4rMNCxEmS8auuSpzcP5cdfv0Oc8/LDfn:rBCIlmxiihZrME6vZCzcBcSOc8DDfn
                                            MD5:819F798D965EB11C8557993417FBF9C4
                                            SHA1:23210935F3A632D38B9E6D9D211689D68D01E6BE
                                            SHA-256:3407B41D9DC715A827EC223B0058009A450243F03B41E2E109EB72812430D9D9
                                            SHA-512:61BAAC5E76E3EC5779FE820067CED57D59A9A094AB01207E783133B0B211F4D93DDCFBC642E5085D080A84801DE8AEE0C5A1FBCB41E1A4A10B41E1EFEC5F7FFE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.8318347597708815
                                            Encrypted:false
                                            SSDEEP:24:vp6BFgwKKXU7LFH/RKMuVWdSVpuOFcssEj4Tw+TV0HDi79wVKgBLDfn:B6BFgwKX5RKFPyAj4Tw0V0uIxDfn
                                            MD5:6375BD30C0E2A2250A83284B9ADD757B
                                            SHA1:202D3C463B2705FF39DE7A5EAA5880F6498EE2F1
                                            SHA-256:78A661F569D6676551998B493A8D5DA3DFF12B06EB1A38F422A1ABBD270D0E67
                                            SHA-512:FF31B737A09B1AC44485F674D93F952E670D13E414924E740FA88DB2F59FCCA6BEA5B6279888D26CD9D7AA6BC34DD4C3685A929D00042C4EE072CA71C9A63944
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.880931722846065
                                            Encrypted:false
                                            SSDEEP:24:FQxFJxr4w21RSTsjr5bhyoYTdQs53/17HAjQURcon7LizLDfn:CxFJxswWJ1WTd553/176Qe7LeDfn
                                            MD5:30394DFC76E26CDDFFE9D5F7F3CC1FC3
                                            SHA1:7047BA20EB8CD03058623AB246D9092374EBD9B7
                                            SHA-256:6C972BF832C8C9D84DCAA2F0AF20AFC9D0B1A7AEBA7B3CBB7DB02B976794F235
                                            SHA-512:FC3E706994527F0F02FA974D4CC13EFE405EE4A0738ABED9A31BED0F0CD1E77DDA3D6E77ECDF1FFED95AF5F290F03D423C01968C11FA42AB35D085CD019E0279
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.855711883380377
                                            Encrypted:false
                                            SSDEEP:24:7udnh02WcgYqNtH+lhOPzYXYvXebfOyhCD98522dDQB4Rsqa6bXV9wGdg/LDfn:6i2WcgPUXOPktbrhU2dhcDDfn
                                            MD5:FD426247B01B40B5A754A623B0456D49
                                            SHA1:22170C31E2ED7AF76F88559260D9BA1F6A7DF390
                                            SHA-256:F7AB8B81804D2721A6C545927D891C0A878063B0DCADD7121E6B3EDBAC74DB44
                                            SHA-512:750555FFA96E61F00FEAAFB43BA73E1CFF9318B31A1C9C4B24F967D40608B68835C3AEC2AB0138A4957EC82C29E6F571EF3D83468AC1CF1DB10D420AC86DDBA9
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.857478554052595
                                            Encrypted:false
                                            SSDEEP:24:itzk4uCeY+jBV2Bt8rElZFdcqfErvosHa59IXtLDfn:OQNCyqBirElZPfErvoMDfn
                                            MD5:BB705277EEB1398A707911C40B1A0FBD
                                            SHA1:D13A2C16F46AFAE0DA2CB35611DA0E18BC84B601
                                            SHA-256:877A70F8A25AF97B0C008A26B700363D8E9278DB3D1406FB5E15D22F1F5E51A1
                                            SHA-512:EAABB504C35AE25935DAAB6BDC41E38061BDA17EEAAA2894C60F55F52ED28BFFADC2BE5A65CCC3111F08237E8441C6CE8347E4B02DE49AB278A3E5A9A61FDEB5
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.866137692081508
                                            Encrypted:false
                                            SSDEEP:24:Dai8likkbLGiFUcswQctb+vhTStb2jH3VNPFBPs99gV1XHxBLDfn:v8liXGIUcswZtb+vhoaJ989gVtHHDfn
                                            MD5:CAB74555E188FBB40633AA6F1EA54C36
                                            SHA1:318B7331F3C7F665A6D734CEDE3D05141D438365
                                            SHA-256:EB4157D4D71A4D38C21F1B2F7F6D5634A89B98CC90D58D100AC7553D5612713E
                                            SHA-512:416C9A6D4472BA3ACC119F1188EA1344EF6F2EE3898E1F05043B079EC603DE151D574ABDD9343FFA35CB6FE5D904F8EDACB0B7735CD46CB3805D015C1C71E43B
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.838451370630613
                                            Encrypted:false
                                            SSDEEP:24:G7b23RD/tX8XgtfU7LjnR41UqKMNfhdRCpIaPcsLDfn:G7b235/tsQt87Ljn+/KOTOxDfn
                                            MD5:2EB745DF57BCA165C2E67313CB51194B
                                            SHA1:4E9553653508F2F211B17BD4D89FE699086A5208
                                            SHA-256:E05247ED3CC56E1415523E266F59F06317EB2F63E3BCDC1AF99DAC0DC802083C
                                            SHA-512:BD8FB69C1A4595807C9F621D3F1B2F73838510780F4372A4A66CF40063B2FDE241523EBF39B86E46EB5935432F0DF5F2C1416525570600242F521455B6B7A311
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.825752906504469
                                            Encrypted:false
                                            SSDEEP:24:Fylbe5Ejt8mC0W6qoFqq5ZYHtYg74GnrmEQcQbX6ai9yLDfn:Ih1C0Q1q5+HtPVrmEQcQjoADfn
                                            MD5:56DBDC2ADBCC5E7D694EBC236400CE96
                                            SHA1:D97DC5DC8F55C0B75D7AB8C0F18738B689907178
                                            SHA-256:A0A8708F5FDC6F5979AC87CEAFCB527FC9EBBA8064BD048AD67263C8E23D6F96
                                            SHA-512:7F01AEAD916A1CF522065CFC17B6353AB8BA7934CFE2D7D1B7B9D51161C5581B1DA49A43D42FB65DCCBE01DE8734587EBB16A12CD3B73A4EFEE657560571ED11
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.835518797105483
                                            Encrypted:false
                                            SSDEEP:24:0whUxUIIDSgZuvOxqsqdeM2unWcufXCUDKNe3W5DLDfn:0TUIcFZWYq72a9ufCMWlDfn
                                            MD5:32AF8131050379D06A900140F65B869B
                                            SHA1:DEDF218B52AC9F627895F42E9123FBDA32E70C84
                                            SHA-256:458D50753CC4E3628056D422DB7B7300AD924922B402703D50010D6B196754F3
                                            SHA-512:33E12E860643A4E208C034502A8A3F23F5E6CF8FBB652A01F7BE028211FD82CED72DC093653B71DF5FBF20FFDAB252B2AEA017308FA574D633B2FE31B3D75731
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.858738768362514
                                            Encrypted:false
                                            SSDEEP:24:t3cGhK3BC0BDPHM2RUpiD8jhzXriCwSkb8uBY6atLDfn:t3HheBC0BDvMFiD8tSCOb8matDfn
                                            MD5:E1E50F173CFA40B933C07E3F91AC550B
                                            SHA1:CC8A6C5E064EFAD287F964CEB93CF1348DBC4371
                                            SHA-256:D03364FC7466EECD1CD6B7C17037FAF2BD67FE9C3121F36B57CC9380A2DF066C
                                            SHA-512:5B2C3F3CC4D9B53A7C131AA00B2D4E3C672C5C4B60B3A7D9A4E99D16B4699E5E9D23A66C916F99AD617C76ABC453F9C29A4779EEBAC817D2F4ACE286E1AED81C
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.869625060681974
                                            Encrypted:false
                                            SSDEEP:24:lXEG0jlipB+2XYmxXnUh0oGmkFt/I6Ugwxx/UCansTVi6y7pNoCLDfn:z0jgTXUhxkCgwxxc3noi6y7pWwDfn
                                            MD5:CD0F98F5E34D544E00CA6F0D53B09142
                                            SHA1:056DC7CB1FFC5FBFB7A3D7C15F436CB2A5C04793
                                            SHA-256:0A081CFF190E57D09D4B48B19BB8B309283A30C0CDECBDDA02B0F81E0CC31DFA
                                            SHA-512:CDC1370EF3632D2616D7F315BFEEAEBB2BF701B366E694E05CFCD43E6A2922AA639DD2FA68C09F7B11FBF4A87C3C3DB000C93A6D8E6F297E2DB948611648E6F0
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.843283355443295
                                            Encrypted:false
                                            SSDEEP:24:YGmE32XF0cCKOvYvVNmsg3ppfe3I6curH22N/mHD5K5qo+aFLDfn:Y5EgF0cCvvuC3nfeY6Pm9K5walDfn
                                            MD5:B4EA1516B2427333EDF6FEEC730DD857
                                            SHA1:64875E94D679DF15794D7736665D3302A9633B93
                                            SHA-256:10A219C6ECDA9F645B61CF24E741710DD81C6BC0E6628CB154E12F3406203827
                                            SHA-512:6DCCA42EE6C64D67C01A01E85778EA2769361C5608E08632CA8321F330F54ADA4DF593DD77B348B752FE86C3FA3E98E1B0566BE2DE0F00A4C7B4CECA47412359
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.848003050205463
                                            Encrypted:false
                                            SSDEEP:24:etIgpmNaDZqcCWHnp6CWkF4HPXVSBrWOyh0C+XOec4LDfn:etIomNaDZ1JF0SdWOyhz+XZDfn
                                            MD5:25923913DD7DCFB92694796478354D78
                                            SHA1:EA79D14AF6F6B2016890462533E901B0259376F9
                                            SHA-256:6A9F09CAE72924D42BDE4C4309F3E762558CB5532F4F486C94ED27336696DB51
                                            SHA-512:22007C30DDE48C30C6C67C958892DE20913F1BC1631B74911C59AC9ACFC765B3F3D57C9BED469BF58B229D5359ED3FDE7FD67DDC65E485AB7166BC399D749F34
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:COM executable for DOS
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.849623744501264
                                            Encrypted:false
                                            SSDEEP:24:ixFFmjVFIGaFWyGqoRTezZgsRRLdgFA8e5eTO/8q9xLDfn:ixWFIG+G/RTelgsZ8x1qTDfn
                                            MD5:1CAD06ECFC31D69F3F0E87E12495ECAB
                                            SHA1:2FB2482914F763C608E6746235B9CEEC48FA78FE
                                            SHA-256:717B6A3E6D3CF956FF2E4CA45F63959473EEF0252371F9811929594D0DFC07A0
                                            SHA-512:A698346B02B1202DF63DCDE8D15B1EAB1B9BC337E4D1826F6E3C565568DEA7F518340D5E0B03B79E7B25BF05DC99409E64D897E505ADA28B2A02D20563A19BD7
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1273
                                            Entropy (8bit):7.83351504342719
                                            Encrypted:false
                                            SSDEEP:24:sx/ODLuANxx4e/2fdtj/poUnc4wdjRN52HaLDfn:sxWDCsLOfb/Xc4wdjRN52IDfn
                                            MD5:EA187893E75F635FA5F5B51AD5C981D5
                                            SHA1:85EE0219BD1C4E6A2C356F57191EC43F53A51BA5
                                            SHA-256:33E60CBC732F4A7B8CA32FA353A05D8854B17E257CDA967061F463EBD8AF0023
                                            SHA-512:9C1C20E3B6691A701F971BD0ACCF85352316CE572847F07DB0E3CEDF7AFF37D0A5A5C64EC4CD37020294FB87F543AE07EE29B9F7B4C3EEC187DB5ED7F1CEDD1E
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1275
                                            Entropy (8bit):7.823860790080749
                                            Encrypted:false
                                            SSDEEP:24:8K74S83anuxJ/4BYr5X1KzZOThER9faquBh0KwBPYZpTesrIfFjDhhLLDfn:8K74SID/4B+91KzOPNBh0KwiZpHcd3hp
                                            MD5:FFCB65E49DA55F890DDC5C8F23A558AC
                                            SHA1:CBB924C93615F7F2466611680324745249B10591
                                            SHA-256:C77BCDBF6E8D1A2AC769BFAEA627246D0D0F27014749480EE67AF9DA4A725F73
                                            SHA-512:DAD699CFC912DAA7877A8117B1AB2FBBE00CD4740148DAB6AEAC3D27D8CE7F5EA4A4C77983FDB03FD8EDAB713D2E36DC101012B9EEEC4D6CC93E735A836542A7
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.835858471570284
                                            Encrypted:false
                                            SSDEEP:24:JE6t/ahLmhw+DpFXYA7fN7RFvtpdQCfASfKgroBqLDfn:JEiCxcnYuN7RFlpdzZnoBYDfn
                                            MD5:EDAE0D4E2211EBB394964BE012F00A82
                                            SHA1:959D6B37ADF242FE86B076EB91A01B2759FF0C2C
                                            SHA-256:003477E4900F8D3F0B741E930A7A5DE02400B54B54432957EF863A88635B42B7
                                            SHA-512:0DCB72DF82FF18BB64B58921C608ED678E896B1EFFFBF2610B3E4687D7441EE9D1CC4B4B4A1A571B9E45105745F35C8CA00D5AD13E8F21CDAE7D794688727304
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1269
                                            Entropy (8bit):7.823509408746193
                                            Encrypted:false
                                            SSDEEP:24:idRVAlZV2a/9SLXrqFGHabbEqp1EcdYb4pxUlCDhlbNtvKLDfn:uIt2S9SbrqAabYqp1Eci+xUlihl5V4Df
                                            MD5:22FF8C9411EB120190F51E9F8BFAFA01
                                            SHA1:84F1F2189FC2E26F63CB4D26480A9CFA7C736399
                                            SHA-256:87B78FB0B59D405FE6BD1F4E03B1C583C1FB9A4556F9C31DB22C19C1164EEC23
                                            SHA-512:BFED7231F6C45989916DA97D30A76082D69B1C6293DA52D231EBDB9A9E81472103EFB1A9259FA1847971F37778FC9C519EB1DC43F6485C8E0E8D51BB2AFC85D1
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.856714978297507
                                            Encrypted:false
                                            SSDEEP:24:d3ouIqlWUBh4nQyXIqNKGflFUseUNVSfznJN+2OEfvFUHZRLDfn:dND4nQ2NKGtFX3SLJN+zLDfn
                                            MD5:5F929E084E3191490007C453F23298E4
                                            SHA1:EDA14B1A40193BA31BF7110656D9D299825BE67E
                                            SHA-256:9A2AF6E8A772EA866242CB4771F69AC10596E406DE224F1F3336A84DC1115191
                                            SHA-512:5C29B1D3E443B10C8B9E540E18ABB6945DE369A78950D03364CEAAA6942FB00A293758726F2BA17EF87C4F3D94619DD863970B799EE42A47727D754929434690
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1271
                                            Entropy (8bit):7.87706554896248
                                            Encrypted:false
                                            SSDEEP:24:fBJvDh4q6qHjNY4DWMrHO6uErbWKZtBC0AZ8xwxB/GLbBMXLMafOp2LDfn:/h4NIyyWMi6ulKZtB3hxcuLbubMtp0Df
                                            MD5:54C233BED394FE639AED02A8C6376CBF
                                            SHA1:3160CCC6094C1FB6AD87C708941A9810AD7B0C11
                                            SHA-256:4EA873CDE9309593E8E8C0C976C7A7FAC12C69ECBFAFDB9155A0E02B76BB3D2E
                                            SHA-512:0309CA4D1F5C55614BC7E7D726F14586F9C1CE5CADB17DDA1EA2E7E56D732798A6DFFD097FEE06E1A15C93DF89DAA56567AD342BCFD04AB56F0C80C49D03E926
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.854191903644563
                                            Encrypted:false
                                            SSDEEP:24:Kg64OFDMPjne+VepjeHVogqDk9LHv5hOl7PZgt/9EiD9cXGmLDfn:KRJOPjnp4eHWgqDk9r5i7PZsEi2GEDfn
                                            MD5:8083E0CC464AE7A06D41F68DFF9A407F
                                            SHA1:EAC856FB60DAC3B05541CFA6BB24C5AD9935DAB1
                                            SHA-256:5FD725DCDC32CC1E8A192D55B57773D5BA16D8B0AD9FCA7C884459572D329087
                                            SHA-512:5A704E86C2CB70BA68460C54913BF8A8D72B887B4332F09D57D5F19247179F03693165D545E82DF19F020831A86B269C088FC0DBBAEE6864E72520137C7C3C88
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1272
                                            Entropy (8bit):7.843845251335711
                                            Encrypted:false
                                            SSDEEP:24:p3FNH7ZxtAbTHlVnns0rTJkMHKkYF30slI79w7TbPLDfn:LF7FAbTHlVns0ptKJF30uIiTfDfn
                                            MD5:4D52C8B0186A7BFF978E0E60B7E88235
                                            SHA1:E889926C9171585C9EE0E6EA989E27A6AB3C81B3
                                            SHA-256:997521AB517D9110DE2914D7BE6CBEB8148F8B3AA6FB54EC1EF1310CB3198C38
                                            SHA-512:FF59C7E353ADEEE29DDE2A6938A6A1FCCB9CB1FCDB4996A5973CC656ED5BDA6F5618C6FFD6545AEC27C10C915ECE346A64AC2E16B7DB7EB7F0B1CCE34DE371F4
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:OpenPGP Public Key
                                            Category:dropped
                                            Size (bytes):350
                                            Entropy (8bit):7.362470096364652
                                            Encrypted:false
                                            SSDEEP:6:BgeMDP+gvoG39zVDr9FkVzin0fEKophsbqYjw+iEHPP3qc+H2Bpf4C:BgerMB39XX0fWhMvjntI2Dfn
                                            MD5:240BE798C6DD4AE0B9B7B8506C403C44
                                            SHA1:1082ECECBA09093449CA25946878A379B9E85E93
                                            SHA-256:DB36F4BF85F84A1FB900C1C966D50ECCA9D83DB0BC87F44459836ED54F56D683
                                            SHA-512:8AE268EF03657EA83D552C8E99FA76DD25F055BD211F183CE99066B731A3D46B4E104EFFA83642B333E5D0227C2A9ECCA25F045BDB2F3DD7E5B388B4092EBF79
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):443
                                            Entropy (8bit):7.526111868577643
                                            Encrypted:false
                                            SSDEEP:6:t2vKfaBqo4AIBcevshFBlGxo64Zo6fsXgylBWXLfdDhQOqWH2iWNxvSfJXQgEHPx:0zl9IGeIFDTdySdvHHWCFQBtI2Dfn
                                            MD5:554047C0E3296758DFD485B58AC489A0
                                            SHA1:C60F625320513990673DACEC3383B0A4632FAFDE
                                            SHA-256:D80A834D786D4B41FFABD01A26D8DD89CC5E478631B77ED34CD99698A2131022
                                            SHA-512:E7B88C65937C3DA40AC1D4CEFB5AE21F2C0866F06EA58E7A8C274BFD466715FED9F2E56B6ACE39F631B0DF114EE44DD39C514A0326FCF238097EFC16EC25CFAA
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):355
                                            Entropy (8bit):7.413997618650625
                                            Encrypted:false
                                            SSDEEP:6:msUxVMCqOQt0vhj3xN5lbHC7VsFKdFNeymyh2RuEHPP3qc+H2Bpf4C:gxC+55H5JHHqOyitI2Dfn
                                            MD5:A76BE868E0C26F95FEAE1F3FAA39EBA6
                                            SHA1:7AAAF85B42202BB2818BD2B9081E23E61E669C84
                                            SHA-256:1A0CEB51E1F6AD302E31CC649ED91AE6D00066AC61AE688CA2FFE90987ACFAE7
                                            SHA-512:AB33EF6AB7B48E5B898D7DE70C06ABD5C1EC788F27EBD529D97851DD904F614A773CA403693930E5C06CFB08570D8320FB66C53B17CD53B001C1E28F14D17826
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):347
                                            Entropy (8bit):7.402551472294906
                                            Encrypted:false
                                            SSDEEP:6:eZaIUPfaPTl7v32NiC1VlQWNs8u8Dl7iQgEHPP3qc+H2Bpf4C:WaNPyPZ7+NZT+3qJtI2Dfn
                                            MD5:F153C9C7CC4CC5BC2805F9449B87DAF2
                                            SHA1:6B872EB686F8CAD474CEAEB085E4970990F28A90
                                            SHA-256:4ABBC2BD95620F95B7AE5DAB8ADB5041E800C0D5601B9FED898C9621C201BC0F
                                            SHA-512:72C8CA83FF4C128BEC3D0CCCDD791A76733808CB7631CE831BBBA00E715C62E10108AE5917AEC0164B942667471BD2E755204DFEFE3A183B2C7254B1A9F5CDC8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):344
                                            Entropy (8bit):7.3951000483472855
                                            Encrypted:false
                                            SSDEEP:6:thAuOkaIdx/ODe1VhQOqkAHwPoX1fuj4D4UQgEHPP3qc+H2Bpf4C:tha/InODef/WFlGjePQBtI2Dfn
                                            MD5:4E35A1B61A0F272295DD64794DC7AEB0
                                            SHA1:F206857483DF5C80820D8B77B11A98E64E468E65
                                            SHA-256:9BB70A642EAE42FF895717A931E933F8B05A5740E5A7826FD06428D3EC71F662
                                            SHA-512:ADFA4120813E30C3BEC59EBF28EDAFA020CE74476760FA68226A42670363E2D4A5A6F72957E6B986AD279294FD9E89796D3109F1BB79285FAE9199A738EFD8D8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:SysEx File -
                                            Category:dropped
                                            Size (bytes):353
                                            Entropy (8bit):7.425176099965686
                                            Encrypted:false
                                            SSDEEP:6:jP8NjkAXXOW0MxLcW/pkH8I5hwKEE/qEiBKx8MAHEiEHPP3qc+H2Bpf4C:jPilXoMNcW/KH8IDwmqEvx8fMtI2Dfn
                                            MD5:55C9AD4265F780FCF9FC29397268449F
                                            SHA1:4FB45970621E685887254ABB8957B8276BCDE580
                                            SHA-256:864302A1E07E7B092DCD377D708C5F1465BF9E233C7858FDDE01FF95D3D94166
                                            SHA-512:3D62CEEA960B802C757E28283EC58DC97F2DDAE395D26BEBB110861B7232DCAD8B9D7EC1AD6C30960526004A743B817246ECE861F7B6B2372A0B6ED6C73141E8
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):349
                                            Entropy (8bit):7.336365909520266
                                            Encrypted:false
                                            SSDEEP:6:MzJItuIaPyNsT0cqLl+rqwvJ47TS9puslCpwclSEHPP3qc+H2Bpf4C:Mz+tSJ0c/+i4egslYvVtI2Dfn
                                            MD5:0409A5200142AB6FE324F5AFD093489A
                                            SHA1:2196D8BAE8BFDA865F5EA65C55520977D7AC9CBA
                                            SHA-256:980AD653FF3704CF0972D0EE8E9C3017516D1A0CCC9A74FB430EF3636120403D
                                            SHA-512:7593DC47E660EBAD31C6F59278476028DEFB3DEDE6A2AD0F7E1AF07E9736F2F012C52BDF8D639AEF75B7D4D99EADA6330CA83759DE36915FCAC859CB49FD17AC
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):350
                                            Entropy (8bit):7.4091520861579
                                            Encrypted:false
                                            SSDEEP:6:cbfto4dO6wZb9lHkVTk44SLBaSraTwa315q3RuUdEHPP3qc+H2Bpf4C:cbfGKjVr4CB1rdavqhp+tI2Dfn
                                            MD5:E47D431F0D89EB4D20643C06154E9C85
                                            SHA1:C676FD326237DC092CBCB6663C333025E18C8E85
                                            SHA-256:8510B2B414256A1612FBCAB875255DC28AF7EC6461B42D176F4BEEBBE3782632
                                            SHA-512:4FD22977F536E076E8C285AFAA63208326588272D0929444BD66C258AF69EDB45D8847078C913939E844EFE74F42EC3EB0D9DFE1B92DBFDDE0670BC77F1DF567
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):356
                                            Entropy (8bit):7.409973276691278
                                            Encrypted:false
                                            SSDEEP:6:04wzlJ+EAKBIznmDy0rtZwcw8igGlHgVLXQXg5KXcpex9jkdEHPP3qc+H2Bpf4C:0LDnAKB40rEAAwCEqXnrtI2Dfn
                                            MD5:1EF6A34EF01FD0C81E2316601205170F
                                            SHA1:59FC55EA17A5FAA783897004B62BD67F7FAC061B
                                            SHA-256:617DEB57DF7F8AB4A3DF4AA654F49AB0908D21E845F5C03E7ED92153037AA605
                                            SHA-512:350CAB39C8B2923FC5CC4249F7CC1113F7712888B96F7D0BE294871B24A50E1253345C93938C413749F3268706E74F4A1CA682906C8086CB42E2B6263FF53B8A
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):350
                                            Entropy (8bit):7.399880336164083
                                            Encrypted:false
                                            SSDEEP:6:1kghYFyz/zKJXKTCBTJitoRjsqWaTKuZ1SKDc3IyEHPP3qc+H2Bpf4C:ughHZCB9OesBMLSMtI2Dfn
                                            MD5:DBF68A08B58E5FB173F1F6F25FE830E7
                                            SHA1:51A83E8F60D5FF703931D6BF913D961F70D106D0
                                            SHA-256:77472F533589D395CA9D05E7B80F0949D31C8D9F279457312375D2E2A3D8AA44
                                            SHA-512:5B1D52A243C75B3D88D8B6AA208203F5C82BE6D45F0983627F411BCDAF041B74E6BDD6A71CA1749522456C1F3ED1D113D94DF3289726C03C4B3DA25104FFC0FE
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:true
                                            Preview:..~~ LockBit 3.0 the world's fastest and most stable ransomware from 2019~~~....>>>>> Your data is stolen and encrypted.....BLOG Tor Browser Links:..http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/..http://lockbit3g3ohd3katajf6zaehxz4h4cnhmz5t735zpltywhwpc6oy3id.onion/..http://lockbit3olp7oetlc4tl5zydnoluphh7fvdt5oa6arcp2757r7xkutid.onion/..http://lockbit435xk3ki62yun7z5nhwz6jyjdp2c64j5vge536if2eny3gtid.onion/..http://lockbit4lahhluquhoka3t4spqym2m3dhe66d6lr337glmnlgg2nndad.onion/..http://lockbit6knrauo3qafoksvl742vieqbujxw7rd6ofzdtapjb4rrawqad.onion/..http://lockbit7ouvrsdgtojeoj5hvu6bljqtghitekwpdy3b6y62ixtsu5jqd.onion/....>>>>> What guarantee is there that we won't cheat you? ..We are the oldest ransomware affiliate program on the planet, nothing is more important than our reputation. We are not a politically motivated group and we want nothing more than money. If you pay, we will fulfill all the terms we agree on during the negotiation process. Treat this situ
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):497
                                            Entropy (8bit):7.584936092122444
                                            Encrypted:false
                                            SSDEEP:12:GL9MUfPIHqMZyQI3AYaKh+GWbzGUOGW4ZBtI2Dfn:GLSGPIKMZyQIGKh+lOGWCLLDfn
                                            MD5:77816C34CD53D2B19C0FFE5965770F1C
                                            SHA1:D5FB3E942C234BC56CF1A81F948D121004492C61
                                            SHA-256:4036251F6058BF688685054BCF7A5B89107FC062E04C8A871AD961B76711DD47
                                            SHA-512:494D1AABA2A1B5BD2E13FF1C34A58D2001CBBB84213C3AE4E6163B228ECEEDB4DA2FE9A12A5D18B856BECAEA199E8445ECF02DDAC6CE4FA565410EFE7320D58F
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):511
                                            Entropy (8bit):7.620159791420355
                                            Encrypted:false
                                            SSDEEP:6:q50T1NTndZCZOh8gRGmlH7XvZOi7jZsj6PyW0tmIuCNHQc+oxNSVLEHPP3qc+H2j:q5sNTndIzcJdXvZOOsj69OeJbctI2Dfn
                                            MD5:1F635456124202293535ADE5DF223803
                                            SHA1:6AB0A7C907FB5692B2978D24B0C94408684E2CEF
                                            SHA-256:31B829DA74A1B0162F4E88B986E94F63002D156EA636CB641975427DA858FFE9
                                            SHA-512:DA7B71EC0FABFE9AE1D6D071AB02DC40D1D0CFA046D7B6E8EC06F9B5B385590421332833A9D739664CDE63E571C52BCC88E8DA1718804C6F210729149ED6FD4E
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1174
                                            Entropy (8bit):7.829085741675148
                                            Encrypted:false
                                            SSDEEP:24:E9YkmcqZbIWDa+PoVBMcSRABEE5SQ+Yc6RpvzWaXWogRd00QF2LDfn:EZcbItbaB/4SQ+wNWaGu0FDfn
                                            MD5:8E6F9CC3615927FBE2C76A1C0177CFC0
                                            SHA1:AA2EE08D1BC2AC0AD2B177E36DDF36925BF532E2
                                            SHA-256:DE36C70B13E1A64451BBE3EB1D25879225C5834FEBEF16A49AE65F5C26C87B70
                                            SHA-512:12F6EB337753FDC4A8159F1B1261F62BF8CF96290C1A7B6A1763B1D5B0C38C16534931FF4E42F7715AEBC9C4CB248177F99A6744513221CCEE7077C548AF175E
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:true
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):239
                                            Entropy (8bit):7.13135466154463
                                            Encrypted:false
                                            SSDEEP:6:6IfJe8M3zNfpSpuGOAtiEHPP3qc+H2Bpf4C:6IfJjM5fpSpqSrtI2Dfn
                                            MD5:4D51EAB8FFC0CCFC39929EDFFC5F300E
                                            SHA1:6A70FEDC635460599578674362C0DC3C53390810
                                            SHA-256:9DD13A4D0A9C02BCFF7F2645578E03E7BF93553D2A84C4F223C6265C71E41312
                                            SHA-512:5C13606AFCF9DF6FD7D40B9EA952AF3D2B00922DC0F0FB2F00D06014E50F28BE06FE40D31CCD9993230081A26BC438DCDBA06ADD5BA1D5F19EDE4F38AED21F65
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:ASCII text, with very long lines (657), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):3044
                                            Entropy (8bit):5.063883193567258
                                            Encrypted:false
                                            SSDEEP:48:sW0Y3EMo/K85aHJm8pbKS1zyx6RZjpz3FUZDpbK69iiSWKws4cCpqq5nPAvYzIXg:sW0YHo/AHJmubKS1yx0TydEminWKwsFa
                                            MD5:828D69354B72112D2D7DE60EDDC8F44C
                                            SHA1:C9D7C22D8E280E24146BDC5CFA3AC733E7B6973F
                                            SHA-256:29A94307773087C0567020976E1B7384510B202FCEFA8A213A8BDCE511BD5644
                                            SHA-512:92929EB407BAD15377F8C978D6EB3EB2F357FED65DFF6D832F42A601462E42959CAB52C083C8B3FDD846375CB420B8141D6FA06603669BAAA53977982AFBFC96
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\LBB.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):64
                                            Entropy (8bit):3.7216634761230463
                                            Encrypted:false
                                            SSDEEP:3:wUOldlrI2Y1AnOvP/mFRR:wUOlgGI6RR
                                            MD5:783BFCE2E4C11C17A147135B98A6F9C0
                                            SHA1:5D5668D239AE1856F58BC8A742872F90191FE80D
                                            SHA-256:8B9CFCDB0BD7924E5973CD02D7B290B24CCAC66B61513100455219C59989B4F9
                                            SHA-512:6D67C7A5820FDE69B7FDCDD9A5519280037632765A0BFBF3A1C4224A986CCA28BA028F4412B00B2AEC2AA3C1C6B07297C76AAAFEE89030F99CE53F769716B268
                                            Malicious:false
                                            Preview:....5.2.8.1.1.0.....\MAILSLOT\NET\GETDCC6FE90C0............ ....
                                            Process:C:\Windows\SysWOW64\cmd.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):22
                                            Entropy (8bit):4.277613436819114
                                            Encrypted:false
                                            SSDEEP:3:otljTLT:otFHT
                                            MD5:29C4EBFF298528AAD70A38E0A9F2B323
                                            SHA1:894F110FBB2BCD948F1594A49C4FC0DC35D97D5D
                                            SHA-256:FD7F558D8C4BB4E3BA8DC9ED9F89A09EE9297B5D4D39E31293B13BCDBB4C8144
                                            SHA-512:102BFEBFADEC80696A6658B5E855F6A2F1C297B9039F2D3C73106FEAB00A1292B2807EEDBF1DE8E2EFC68B46BB3A92F7A68403F7766FB37E39296BBDEC78AA4F
                                            Malicious:false
                                            Preview:C:\PROGRA~3\1EB6.tmp..
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.200379280950435
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:LBB.exe
                                            File size:160'256 bytes
                                            MD5:827fd84e6c235dbb400442390a538441
                                            SHA1:f88eafeeb71837534f32d7de483497d8d74fb279
                                            SHA256:7de7ce42cde20847749fa5bc4048cf5cacec8c2bf49169d7d262ea38630640ea
                                            SHA512:4e6df341e606cdc5ecafd02b7e9ba979502301e5e89aaecf604018d014019ffd6bd26b1380cb316ec1beb8f533df5125e75ec67d8760f7bcd90f883b72199f6b
                                            SSDEEP:3072:1DDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368yUTtc76PJCW:n5d/zugZqll3OUCuPJ
                                            TLSH:47F37D21B112E177CA6734F6A729B3B4734A9E2C12A8A463F6D4CF4B35738236F15847
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e.b............................o.............@.................................nr....@...........@....................
                                            Icon Hash:90cececece8e8eb0
                                            Entrypoint:0x41b46f
                                            Entrypoint Section:.itext
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x62A4657F [Sat Jun 11 09:50:55 2022 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:5
                                            OS Version Minor:1
                                            File Version Major:5
                                            File Version Minor:1
                                            Subsystem Version Major:5
                                            Subsystem Version Minor:1
                                            Import Hash:3bc510de773c954bd69d33670cb624d6
                                            Instruction
                                            nop
                                            call 00007F31ACDA7090h
                                            call 00007F31ACD9429Fh
                                            call 00007F31ACD9783Ah
                                            call 00007F31ACDA4F49h
                                            push 00000000h
                                            call dword ptr [004275C0h]
                                            call 00007F31ACDA68AAh
                                            call 00007F31ACDA6899h
                                            call 00007F31ACDA68A0h
                                            call 00007F31ACDA6895h
                                            call 00007F31ACDA688Ah
                                            call 00007F31ACDA687Fh
                                            call 00007F31ACDA6874h
                                            call 00007F31ACDA685Dh
                                            call 00007F31ACDA6858h
                                            call 00007F31ACDA6859h
                                            call 00007F31ACDA684Eh
                                            call 00007F31ACDA6849h
                                            call 00007F31ACDA6850h
                                            call 00007F31ACDA53E5h
                                            call 00007F31ACDA53E0h
                                            call 00007F31ACDA53BDh
                                            call 00007F31ACDA53D0h
                                            call 00007F31ACDA53BFh
                                            call 00007F31ACDA53D2h
                                            call 00007F31ACDA5391h
                                            call 00007F31ACDA5386h
                                            call 00007F31ACDA5399h
                                            call 00007F31ACDA538Eh
                                            call 00007F31ACDA5383h
                                            call 00007F31ACDA5396h
                                            call 00007F31ACDA5397h
                                            call 00007F31ACDA5398h
                                            call 00007F31ACDA536Fh
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            Name                                  Virtual Address  Virtual Size  Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT          0x1c220          0x50          .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC       0x2a000          0x1128        .reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG           0x1c110          0x1c          .rdata
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_IAT             0x1c000          0x60          .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                            Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type             Entropy             Characteristics
                                            .text   0x1000           0x1983c       0x19a00   77f1d0aea9e9462b32efcd4d44dfc4c0  False     0.4443692835365854  data                  6.632719440409723   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .itext  0x1b000          0x518         0x600     20ecbfcc87e53c78ea8ce9c0dd66c6bc  False     0.234375            data                  2.7807255627049052  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata  0x1c000          0x43a         0x600     9ca82a61ff7ef48f91aac3b0abfa7802  False     0.3372395833333333  data                  3.2050103933604612  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data   0x1d000          0xadc0        0xa000    d4483cb297a77d6fdd9b4ac654e69fec  False     0.9825439453125     SysEx File -          7.986719809913542   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .pdata  0x28000          0x1431        0x1600    96266ecdcaa3b2b59961a63051a2dafa  False     0.9287997159090909  data                  7.692143658393027   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .reloc  0x2a000          0x1128        0x1200    d1fc67767f0df03587cc49406db85585  False     0.8107638888888888  GLS_BINARY_LSB_FIRST  6.62355195676201    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            DLL           Import
                                            gdi32.dll     SetPixel, GetPixel, GetTextColor, SelectPalette, SelectObject, GetTextMetricsW, TextOutW, GetTextCharset, CreateSolidBrush, CreateFontW, SetTextColor, CreateDIBitmap
                                            USER32.dll    LoadImageW, GetClassNameW, DialogBoxParamW, CreateDialogParamW
                                            KERNEL32.dll  GetCommandLineA, GetAtomNameW, LoadLibraryW, GetFileAttributesW
                                            No network behavior found

                                            Target ID:0
                                            Start time:15:55:56
                                            Start date:14/07/2024
                                            Path:C:\Users\user\Desktop\LBB.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\LBB.exe"
                                            Imagebase:0x4a0000
                                            File size:160'256 bytes
                                            MD5 hash:827FD84E6C235DBB400442390A538441
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.1656749006.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1676899269.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1679769738.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1679324608.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1682386125.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000003.1682819920.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:15:56:05
                                            Start date:14/07/2024
                                            Path:C:\ProgramData\1EB6.tmp
                                            Wow64 process (32bit):true
                                            Commandline:"C:\ProgramData\1EB6.tmp"
                                            Imagebase:0x400000
                                            File size:14'336 bytes
                                            MD5 hash:294E9F64CB1642DD89229FFF0592856B
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Antivirus matches:
                                            • Detection: 100%, Avira
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 92%, ReversingLabs
                                            Reputation:moderate
                                            Has exited:true

                                            Target ID:8
                                            Start time:15:57:02
                                            Start date:14/07/2024
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\1EB6.tmp >> NUL
                                            Imagebase:0x240000
                                            File size:236'544 bytes
                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:9
                                            Start time:15:57:02
                                            Start date:14/07/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff7699e0000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                              Execution Graph

                                              Execution Coverage:19.3%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:17.4%
                                              Total number of Nodes:1727
                                              Total number of Limit Nodes:9
9514 4a8e97 9513->9514 9515 4a8eca 9514->9515 9516 4a86a8 RtlAllocateHeap 9514->9516 9518 4a86a8 RtlAllocateHeap 9515->9518 9520 4a8efd 9515->9520 9516->9515 9517->9513 9517->9514 9518->9520 9519 4a8f96 9526 4a86a8 RtlAllocateHeap 9519->9526 9527 4a8fcd 9519->9527 9521 4a8f30 9520->9521 9522 4a86a8 RtlAllocateHeap 9520->9522 9523 4a86a8 RtlAllocateHeap 9521->9523 9524 4a8f63 9521->9524 9522->9521 9523->9524 9524->9519 9525 4a86a8 RtlAllocateHeap 9524->9525 9525->9519 9526->9527 9528 4a86a8 RtlAllocateHeap 9527->9528 9527->9535 9529 4a9008 9528->9529 9529->9535 9645 4a8d48 9529->9645 9531 4a9030 9532 4a86a8 RtlAllocateHeap 9531->9532 9533 4a904f 9532->9533 9534 4a86d0 RtlFreeHeap 9533->9534 9533->9535 9534->9535 9535->9510 9537 4a9efb NtQueryDefaultUILanguage 9536->9537 9538 4a9f21 9537->9538 9538->9353 9539->9358 9541 4a86a8 RtlAllocateHeap 9540->9541 9542 4a8bb9 9541->9542 9542->9356 9544 4a86a8 RtlAllocateHeap 9543->9544 9545 4ad9a1 9544->9545 9545->9361 9547 4ad535 9546->9547 9548 4ad53c RtlAdjustPrivilege 9547->9548 9549 4ab82e 9547->9549 9548->9547 9548->9549 9550 4ad494 9549->9550 9551 4ad4ab 9550->9551 9552 4ad4af NtQueryInformationToken 9551->9552 9553 4ab833 9551->9553 9552->9553 9553->9368 9554 4ad1a8 9553->9554 9654 4ab5fc 9554->9654 9556 4ad1c5 9558 4ab84d 9556->9558 9665 4ab6a4 9556->9665 9558->9368 9599 4ad2fc CheckTokenMembership 9558->9599 9560 4ab917 9559->9560 9561 4ae238 9559->9561 9581 4b00a0 9560->9581 9562 4a8c4c RtlAllocateHeap 9561->9562 9563 4ae249 9562->9563 9563->9560 9564 4a86a8 RtlAllocateHeap 9563->9564 9569 4ae265 9564->9569 9565 4ae465 9566 4a86d0 RtlFreeHeap 9565->9566 9566->9560 9567 4ae456 9568 4a86d0 RtlFreeHeap 9567->9568 9568->9565 9569->9565 9569->9567 9570 4ae2b9 CreateFileW 9569->9570 9570->9567 9571 4ae30d WriteFile 9570->9571 9571->9567 9572 4ae328 RegCreateKeyExW 9571->9572 9572->9567 9573 4ae351 RegSetValueExW 9572->9573 9575 4ae44d NtClose 9573->9575 9576 4ae383 RegCreateKeyExW 9573->9576 9575->9567 9576->9575 9578 
4ae3fe RegSetValueExW 9576->9578 9578->9575 9580 4ae432 SHChangeNotify 9578->9580 9580->9575 9582 4b00bc 9581->9582 9672 4b0138 9582->9672 9584 4b0112 9585 4a86d0 RtlFreeHeap 9584->9585 9586 4ab91c 9584->9586 9585->9586 9586->9293 9588 4ad331 9587->9588 9589 4a86a8 RtlAllocateHeap 9588->9589 9590 4ab7f2 9588->9590 9591 4ad36a 9589->9591 9590->9354 9593 4ad8dc 9590->9593 9591->9590 9592 4a86d0 RtlFreeHeap 9591->9592 9592->9590 9594 4ad8f1 9593->9594 9595 4ad986 9594->9595 9676 4ab564 9594->9676 9595->9354 9598 4a86d0 RtlFreeHeap 9598->9595 9599->9373 9601 4accdf 9600->9601 9616 4ace94 9601->9616 9680 4aca48 9601->9680 9603 4acced 9604 4acddb 9603->9604 9605 4aceef 9603->9605 9603->9616 9606 4a8c4c RtlAllocateHeap 9604->9606 9604->9616 9607 4a8c4c RtlAllocateHeap 9605->9607 9605->9616 9608 4ace0e 9606->9608 9609 4acf1e 9607->9609 9611 4a86d0 RtlFreeHeap 9608->9611 9608->9616 9610 4a86d0 RtlFreeHeap 9609->9610 9609->9616 9610->9616 9612 4ace30 9611->9612 9613 4a8c4c RtlAllocateHeap 9612->9613 9612->9616 9614 4ace76 9613->9614 9615 4a86d0 RtlFreeHeap 9614->9615 9614->9616 9615->9616 9616->9368 9618 4acfea 9617->9618 9619 4a86a8 RtlAllocateHeap 9618->9619 9621 4acff5 9619->9621 9620 4ab87c 9620->9372 9631 4ad3d8 9620->9631 9621->9620 9622 4a86d0 RtlFreeHeap 9621->9622 9624 4ad016 9622->9624 9623 4a86d0 RtlFreeHeap 9623->9620 9630 4ad170 9624->9630 9690 4a8c7c 9624->9690 9626 4ad126 9627 4a8c7c RtlAllocateHeap 9626->9627 9628 4ad14b 9627->9628 9629 4a8c7c RtlAllocateHeap 9628->9629 9629->9630 9630->9623 9632 4ad3ed 9631->9632 9633 4ab895 9632->9633 9634 4a86a8 RtlAllocateHeap 9632->9634 9633->9372 9637 4ad2fc CheckTokenMembership 9633->9637 9636 4ad426 9634->9636 9635 4a86d0 RtlFreeHeap 9635->9633 9636->9633 9636->9635 9637->9386 9639 4b4cc8 9638->9639 9641 4b4d26 9639->9641 9693 4b4a28 9639->9693 9641->9375 9643 4a86a8 RtlAllocateHeap 9642->9643 9644 4a8c5d 9643->9644 9644->9505 9646 4a8d6f 9645->9646 9651 4a8cf0 9646->9651 9648 4a8d8f 9649 4a86d0 RtlFreeHeap 9648->9649 
9650 4a8da3 9649->9650 9650->9531 9652 4a86a8 RtlAllocateHeap 9651->9652 9653 4a8d13 9652->9653 9653->9648 9655 4a86a8 RtlAllocateHeap 9654->9655 9658 4ab61a 9655->9658 9656 4ab61d NtQuerySystemInformation 9657 4ab633 9656->9657 9656->9658 9663 4a86d0 RtlFreeHeap 9657->9663 9658->9656 9659 4ab650 9658->9659 9669 4a86f8 9658->9669 9661 4a86d0 RtlFreeHeap 9659->9661 9662 4ab658 9661->9662 9662->9556 9664 4ab696 9663->9664 9664->9556 9668 4ab6c9 9665->9668 9666 4ab79b 9666->9558 9667 4ab792 NtClose 9667->9666 9668->9666 9668->9667 9670 4a8700 9669->9670 9671 4a870e RtlReAllocateHeap 9670->9671 9671->9658 9673 4b0144 9672->9673 9675 4b0151 9672->9675 9674 4a86a8 RtlAllocateHeap 9673->9674 9673->9675 9674->9675 9675->9584 9677 4ab576 9676->9677 9679 4ab59e 9676->9679 9678 4a86a8 RtlAllocateHeap 9677->9678 9678->9679 9679->9598 9681 4a86a8 RtlAllocateHeap 9680->9681 9682 4aca6d 9681->9682 9683 4acaa3 9682->9683 9684 4a86f8 RtlReAllocateHeap 9682->9684 9689 4aca86 9682->9689 9685 4a86d0 RtlFreeHeap 9683->9685 9684->9682 9686 4acaab 9685->9686 9686->9603 9687 4a86d0 RtlFreeHeap 9688 4acbd0 9687->9688 9688->9603 9689->9687 9691 4a86a8 RtlAllocateHeap 9690->9691 9692 4a8c8e 9691->9692 9692->9626 9694 4b4a39 9693->9694 9696 4b4bc7 9694->9696 9697 4ad1e0 9694->9697 9696->9641 9698 4ad1f2 9697->9698 9699 4ad1ef 9697->9699 9698->9699 9700 4ad239 NtSetInformationThread 9698->9700 9699->9696 9701 4ad24e 9700->9701 9702 4ad24f NtClose 9700->9702 9701->9702 9702->9699 9704 4aba7e 9703->9704 9705 4ab9e3 9703->9705 9712 4b8b04 9704->9712 9988 4a9dec 9705->9988 9708 4aba31 9709 4aba51 CreateMutexW 9708->9709 9992 4a8750 9709->9992 9710 4b1f84 14 API calls 9710->9708 9727 4b8b1b 9712->9727 9713 4b8be4 CreateThread 9717 4b8bff 9713->9717 10540 4aad98 RtlAdjustPrivilege 9713->10540 9998 4a92d8 GetLogicalDriveStringsW 9717->9998 9719 4b8b86 9721 4aba84 3 API calls 9719->9721 9723 4b8bc9 9719->9723 9720 4b8c19 9722 4b8c27 9720->9722 10005 4a9b14 OpenSCManagerW 9720->10005 9721->9723 9725 
4b8c48 9722->9725 9726 4b8c30 CreateThread 9722->9726 9723->9713 9723->9717 9728 4b8cc5 9725->9728 10011 4ad554 9725->10011 9726->9725 10527 4a9c88 9726->10527 9727->9719 9727->9723 10142 4aba84 9727->10142 9729 4b8cdb NtTerminateThread 9728->9729 9730 4b8cef 9728->9730 9729->9730 9732 4b8cf8 CreateThread 9730->9732 9733 4b8d13 9730->9733 9732->9733 10535 4ab458 9732->10535 9737 4b8e02 9733->9737 9761 4b8d33 9733->9761 10167 4b3404 9737->10167 9739 4b8da9 9744 4ad494 NtQueryInformationToken 9739->9744 9740 4b8ca5 9742 4b8cb8 9740->9742 9746 4b00a0 2 API calls 9740->9746 9758 4b00a0 2 API calls 9742->9758 9748 4b8dae 9744->9748 9751 4b8cb3 9746->9751 9753 4b8db9 9748->9753 9754 4b8db2 9748->9754 10065 4b1758 9751->10065 9752 4b00a0 2 API calls 9759 4b8c96 9752->9759 10102 4aa060 9753->10102 10163 4aa790 9754->10163 9755 4b8e00 9755->9420 9758->9728 10034 4b2508 9759->10034 9761->9739 10087 4af820 9761->10087 9764 4b8c9b 9767 4b00a0 2 API calls 9764->9767 9765 4b8db7 9765->9755 10136 4ab464 9765->10136 9769 4b8ca0 9767->9769 10041 4b26b4 9769->10041 9770 4b1f84 14 API calls 9770->9755 9773 4a8798 RtlAllocateHeap 9772->9773 9774 4b3b44 9773->9774 9775 4b3b66 9774->9775 9776 4b3b75 9774->9776 9793 4b3bdd 9774->9793 10598 4b1ad0 9775->10598 10624 4a9298 9776->10624 9780 4b3bd5 9781 4a86d0 RtlFreeHeap 9780->9781 9781->9793 9782 4a86a8 RtlAllocateHeap 9814 4b3bba 9782->9814 9783 4b3bf2 9784 4a86d0 RtlFreeHeap 9783->9784 9784->9793 9785 4ac158 2 API calls 9785->9814 9786 4b3c66 9787 4a86d0 RtlFreeHeap 9786->9787 9787->9793 9788 4b3e3f 9790 4a86d0 RtlFreeHeap 9788->9790 9789 4b3d5e 9791 4a86d0 RtlFreeHeap 9789->9791 9790->9793 9791->9793 9792 4ac0a0 NtSetInformationThread NtClose 9792->9814 9793->9420 9794 4b3e52 9797 4b3e71 9794->9797 9802 4b3e67 9794->9802 9795 4b3d71 10636 4ac1fc 9795->10636 9796 4b3d41 9801 4a86d0 RtlFreeHeap 9796->9801 9799 4a87e8 RtlAllocateHeap 9797->9799 9798 4b3d95 9806 4b3dfd 9798->9806 9807 4b3df3 9798->9807 9803 4b3eca 9799->9803 9801->9793 9809 
4a86d0 RtlFreeHeap 9802->9809 9810 4a86d0 RtlFreeHeap 9803->9810 10640 4a88d8 9806->10640 9812 4a87e8 RtlAllocateHeap 9807->9812 9809->9793 9815 4b3ed3 9810->9815 9811 4b3d88 9816 4a86d0 RtlFreeHeap 9811->9816 9813 4b3dfb 9812->9813 9818 4a86d0 RtlFreeHeap 9813->9818 9814->9780 9814->9782 9814->9783 9814->9785 9814->9786 9814->9788 9814->9789 9814->9792 9814->9793 9814->9794 9814->9795 9814->9796 9814->9797 9814->9798 9817 4a86d0 RtlFreeHeap 9814->9817 9819 4ac988 NtSetInformationThread NtClose 9814->9819 10630 4ac778 9814->10630 9815->9793 9821 4b243c 11 API calls 9815->9821 9816->9793 9817->9814 9820 4b3e0e 9818->9820 9819->9814 9820->9793 10644 4b243c 9820->10644 9821->9793 9824 4b37f8 2 API calls 9823->9824 9825 4b39d2 9824->9825 9826 4b39f7 9825->9826 9827 4b39d6 9825->9827 9829 4ab464 2 API calls 9826->9829 9828 4b39f2 9827->9828 9831 4b1f84 14 API calls 9827->9831 9828->9420 9830 4b39fc 9829->9830 9832 4b3a0a 9830->9832 9833 4b3a00 9830->9833 9831->9828 10653 4ad2fc CheckTokenMembership 9832->10653 9834 4b8b04 128 API calls 9833->9834 9836 4b3a05 9834->9836 9836->9420 9837 4b3b26 9837->9420 9838 4b3a85 9839 4b3ace 9838->9839 9844 4aba84 3 API calls 9838->9844 10654 4b2900 9839->10654 9840 4aba84 3 API calls 9840->9838 9842 4b3a0f 9842->9837 9842->9838 9842->9840 9844->9839 9849 4b2968 3 API calls 9850 4b3b13 9849->9850 10702 4b2c40 9850->10702 9853 4aa060 15 API calls 9854 4b3b1f 9853->9854 9855 4b317c 2 API calls 9854->9855 9855->9837 10741 4b36b8 9856->10741 9859 4aa060 15 API calls 9860 4b8e2f 9859->9860 9861 4ad494 NtQueryInformationToken 9860->9861 9865 4b8e48 9861->9865 9862 4b8ec0 9862->9420 9863 4ab464 2 API calls 9864 4b8ea0 9863->9864 9866 4b1f84 14 API calls 9864->9866 9865->9862 9865->9863 9866->9862 9868 4b5424 RtlAllocateHeap 9867->9868 9872 4b8a82 9868->9872 9869 4b8aff 9882 4b868c 9869->9882 9870 4b8af1 9870->9869 9871 4a86d0 RtlFreeHeap 9870->9871 9871->9869 9872->9870 9873 4b8ac6 9872->9873 10754 4b7f60 9872->10754 10772 4b5970 9873->10772 
9879 4b8ae7 9881 4b5970 2 API calls 9879->9881 9881->9870 9883 4b886f 9882->9883 9884 4b86a0 9882->9884 9883->9420 9885 4b5424 RtlAllocateHeap 9884->9885 9890 4b86b0 9885->9890 9886 4b8756 9887 4b8861 9886->9887 9888 4a86d0 RtlFreeHeap 9886->9888 9887->9883 9889 4a86d0 RtlFreeHeap 9887->9889 9888->9887 9889->9883 9890->9886 9891 4a86a8 RtlAllocateHeap 9890->9891 9892 4b8778 9891->9892 9892->9886 11080 4b8158 9892->11080 9895 4b5424 RtlAllocateHeap 9894->9895 9899 4b53ee 9895->9899 9896 4b5412 9897 4b5420 9896->9897 9898 4a86d0 RtlFreeHeap 9896->9898 9897->9420 9898->9897 9899->9896 11090 4b5254 9899->11090 9902 4b8894 9901->9902 9903 4a8c4c RtlAllocateHeap 9902->9903 9904 4b89a5 9903->9904 9905 4a8c4c RtlAllocateHeap 9904->9905 9914 4b89ae 9904->9914 9907 4b89bf 9905->9907 9906 4b8a4b 9909 4b8a59 9906->9909 9911 4a86d0 RtlFreeHeap 9906->9911 9910 4a8c4c RtlAllocateHeap 9907->9910 9907->9914 9908 4a86d0 RtlFreeHeap 9908->9906 9912 4b8a67 9909->9912 9913 4a86d0 RtlFreeHeap 9909->9913 9910->9914 9911->9909 9912->9424 9913->9912 9914->9906 9914->9908 9916 4b1fb9 9915->9916 9917 4a8c4c RtlAllocateHeap 9916->9917 9918 4b2032 9917->9918 9919 4a86a8 RtlAllocateHeap 9918->9919 9920 4b203b 9918->9920 9922 4b2052 9919->9922 9921 4b2400 9920->9921 9923 4a86d0 RtlFreeHeap 9920->9923 9924 4b240e 9921->9924 9925 4a86d0 RtlFreeHeap 9921->9925 9922->9920 11108 4b1e08 9922->11108 9923->9921 9926 4b241c 9924->9926 9928 4a86d0 RtlFreeHeap 9924->9928 9925->9924 9929 4b242a 9926->9929 9931 4a86d0 RtlFreeHeap 9926->9931 9928->9926 9929->9420 9930 4b2083 9930->9920 9932 4b20a4 GetTempFileNameW CreateFileW 9930->9932 9931->9929 9932->9920 9933 4b20e9 WriteFile 9932->9933 9933->9920 9934 4b2105 CreateProcessW 9933->9934 9934->9920 9936 4b216f NtQueryInformationProcess 9934->9936 9936->9920 9937 4b2193 NtReadVirtualMemory 9936->9937 9937->9920 9938 4b21ba 9937->9938 9939 4a8c4c RtlAllocateHeap 9938->9939 9940 4b21c4 9939->9940 9940->9920 9941 4b2228 NtProtectVirtualMemory 9940->9941 
9941->9920 9942 4b2254 NtWriteVirtualMemory 9941->9942 9942->9920 9943 4b226e 9942->9943 9943->9920 9944 4b22d1 NtDuplicateObject 9943->9944 9944->9920 9945 4b22f9 CreateNamedPipeW 9944->9945 9945->9920 9946 4b2365 ResumeThread ConnectNamedPipe 9945->9946 9946->9920 9948 4ac17b 9947->9948 9949 4ad1e0 2 API calls 9948->9949 9950 4ac195 9948->9950 9949->9950 9950->9431 9950->9433 9952 4a8798 RtlAllocateHeap 9951->9952 9967 4b3f10 9952->9967 9953 4ac0a0 NtSetInformationThread NtClose 9953->9967 9954 4ac158 2 API calls 9954->9967 9955 4b408c 9956 4a86d0 RtlFreeHeap 9955->9956 9983 4b3f96 9956->9983 9957 4b3fab 9958 4a86d0 RtlFreeHeap 9957->9958 9958->9983 9959 4b3fbe 9964 4ac1fc 2 API calls 9959->9964 9960 4b3f8e 9965 4a86d0 RtlFreeHeap 9960->9965 9961 4b40be 9963 4a87e8 RtlAllocateHeap 9961->9963 9962 4b409f 9962->9961 9968 4b40b4 9962->9968 9969 4b4117 9963->9969 9970 4b3fd1 9964->9970 9965->9983 9966 4b3fe2 9971 4b404a 9966->9971 9972 4b4040 9966->9972 9967->9953 9967->9954 9967->9955 9967->9957 9967->9959 9967->9960 9967->9961 9967->9962 9967->9966 9980 4ac988 NtSetInformationThread NtClose 9967->9980 9967->9983 9986 4a86d0 RtlFreeHeap 9967->9986 9973 4a86d0 RtlFreeHeap 9968->9973 9974 4a86d0 RtlFreeHeap 9969->9974 9970->9966 9975 4b3fd5 9970->9975 9977 4a88d8 RtlAllocateHeap 9971->9977 9976 4a87e8 RtlAllocateHeap 9972->9976 9973->9983 9982 4b4120 9974->9982 9978 4a86d0 RtlFreeHeap 9975->9978 9979 4b4048 9976->9979 9977->9979 9978->9983 9981 4a86d0 RtlFreeHeap 9979->9981 9980->9967 9984 4b405b 9981->9984 9982->9983 9985 4b243c 11 API calls 9982->9985 9983->9420 9984->9983 9987 4b243c 11 API calls 9984->9987 9985->9983 9986->9967 9987->9983 9989 4a9e05 9988->9989 9991 4a9ebe 9989->9991 9995 4a8724 9989->9995 9991->9708 9991->9710 9993 4a86d0 RtlFreeHeap 9992->9993 9994 4a875f 9993->9994 9994->9704 9996 4a86a8 RtlAllocateHeap 9995->9996 9997 4a873a 9996->9997 9997->9991 9999 4a92fb 9998->9999 10000 4a9323 9998->10000 9999->10000 10001 4a9304 GetDriveTypeW 9999->10001 
10196 4a932c 9999->10196 10003 4a969c CoInitialize 10000->10003 10001->9999 10004 4a96d1 10003->10004 10004->9720 10006 4a9b42 10005->10006 10010 4a9b71 10005->10010 10009 4a86a8 RtlAllocateHeap 10006->10009 10007 4a9c25 10007->9722 10008 4a86d0 RtlFreeHeap 10008->10007 10009->10010 10010->10007 10010->10008 10012 4a8724 RtlAllocateHeap 10011->10012 10013 4ad55c 10012->10013 10014 4ad562 NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 10013->10014 10015 4ad5a4 10013->10015 10016 4a8750 RtlFreeHeap 10014->10016 10017 4affd0 10015->10017 10016->10015 10020 4affdd 10017->10020 10018 4b0042 10018->9728 10018->9740 10023 4ac4ac 10018->10023 10019 4b0012 CreateThread 10019->10020 10263 4afc5c SetThreadPriority 10019->10263 10020->10018 10020->10019 10021 4ad264 NtSetInformationThread 10020->10021 10022 4b0033 NtClose 10021->10022 10022->10020 10024 4ac4d3 GetVolumeNameForVolumeMountPointW 10023->10024 10026 4ac516 FindFirstVolumeW 10024->10026 10027 4ac767 10026->10027 10032 4ac532 10026->10032 10027->9752 10028 4ac54b GetVolumePathNamesForVolumeNameW 10028->10032 10029 4ac57c GetDriveTypeW 10029->10032 10030 4ac61d CreateFileW 10031 4ac643 DeviceIoControl 10030->10031 10030->10032 10031->10032 10032->10027 10032->10028 10032->10029 10032->10030 10033 4ac420 6 API calls 10032->10033 10033->10032 10035 4b2562 10034->10035 10037 4b25d8 10035->10037 10040 4b2633 10035->10040 10271 4ad2fc CheckTokenMembership 10035->10271 10038 4b25dc 10037->10038 10272 4a87e8 10037->10272 10038->9764 10040->9764 10042 4b26c9 10041->10042 10276 4ac2a8 CreateThread 10042->10276 10044 4b26db 10045 4b26e1 10044->10045 10046 4a86a8 RtlAllocateHeap 10044->10046 10047 4b28da 10045->10047 10049 4a86d0 RtlFreeHeap 10045->10049 10048 4b26f3 10046->10048 10050 4b28e8 10047->10050 10052 4a86d0 RtlFreeHeap 10047->10052 10048->10045 10051 4ac2a8 6 API calls 10048->10051 10049->10047 10053 4b28f6 10050->10053 10055 4a86d0 RtlFreeHeap 10050->10055 10054 4b2710 10051->10054 
10052->10050 10053->9740 10054->10045 10056 4a86a8 RtlAllocateHeap 10054->10056 10055->10053 10057 4b272b 10056->10057 10057->10045 10058 4a86a8 RtlAllocateHeap 10057->10058 10059 4b2746 10058->10059 10059->10045 10061 4a87e8 RtlAllocateHeap 10059->10061 10063 4a87e8 RtlAllocateHeap 10059->10063 10064 4ad1e0 2 API calls 10059->10064 10284 4abfe0 CreateThread 10059->10284 10062 4b27a2 CreateThread 10061->10062 10062->10059 10294 4b0dd4 GetFileAttributesW 10062->10294 10063->10059 10064->10059 10066 4b1784 10065->10066 10067 4a86a8 RtlAllocateHeap 10066->10067 10068 4b1791 10067->10068 10082 4b179a 10068->10082 10446 4b12fc CoInitialize 10068->10446 10070 4b1aab 10073 4b1ab9 10070->10073 10074 4a86d0 RtlFreeHeap 10070->10074 10072 4a86d0 RtlFreeHeap 10072->10070 10075 4b1ac7 10073->10075 10077 4a86d0 RtlFreeHeap 10073->10077 10074->10073 10075->9742 10076 4a86a8 RtlAllocateHeap 10078 4b17c7 10076->10078 10077->10075 10079 4a86a8 RtlAllocateHeap 10078->10079 10078->10082 10084 4b17e2 10079->10084 10080 4b106c NtSetInformationThread NtClose 10080->10084 10082->10070 10082->10072 10083 4a86d0 RtlFreeHeap 10083->10084 10084->10080 10084->10082 10084->10083 10085 4b11a8 NtSetInformationThread NtClose 10084->10085 10086 4ad1e0 2 API calls 10084->10086 10452 4a8844 10084->10452 10085->10084 10086->10084 10456 4aecfc 10087->10456 10089 4af98a 10092 4af998 10089->10092 10093 4a86d0 RtlFreeHeap 10089->10093 10090 4af859 10096 4a8c4c RtlAllocateHeap 10090->10096 10099 4af862 10090->10099 10091 4a86d0 RtlFreeHeap 10091->10089 10094 4af9a6 10092->10094 10095 4a86d0 RtlFreeHeap 10092->10095 10093->10092 10094->9739 10095->10094 10097 4af8af 10096->10097 10098 4a86a8 RtlAllocateHeap 10097->10098 10097->10099 10100 4af8e5 10098->10100 10099->10089 10099->10091 10100->10099 10460 4aedec 10100->10460 10103 4aa0bb 10102->10103 10107 4aa0c0 10102->10107 10104 4aa739 10103->10104 10105 4a86d0 RtlFreeHeap 10103->10105 10106 4a86d0 RtlFreeHeap 10104->10106 10109 4aa747 10104->10109 
10105->10104 10106->10109 10107->10103 10499 4b2968 10107->10499 10109->9765 10110 4aa11d 10110->10103 10111 4a86a8 RtlAllocateHeap 10110->10111 10112 4aa1ff 10111->10112 10112->10103 10113 4aa231 10112->10113 10114 4aa217 10112->10114 10115 4a8c4c RtlAllocateHeap 10113->10115 10116 4a8c4c RtlAllocateHeap 10114->10116 10117 4aa221 10115->10117 10116->10117 10117->10103 10118 4aa278 GetTextExtentPoint32W 10117->10118 10119 4aa264 10117->10119 10118->10103 10121 4aa292 10118->10121 10120 4a86d0 RtlFreeHeap 10119->10120 10120->10103 10121->10103 10122 4aa32b DrawTextW 10121->10122 10122->10103 10123 4aa353 10122->10123 10123->10103 10124 4aa48d CreateFileW 10123->10124 10124->10103 10125 4aa4b6 WriteFile 10124->10125 10125->10103 10126 4aa4d7 WriteFile 10125->10126 10126->10103 10127 4aa4f5 WriteFile 10126->10127 10127->10103 10128 4aa513 10127->10128 10506 4a8afc 10128->10506 10130 4aa535 10130->10103 10131 4aa5b8 RegCreateKeyExW 10130->10131 10131->10103 10132 4aa5e9 10131->10132 10133 4aa622 RegSetValueExW 10132->10133 10133->10103 10134 4aa64f 10133->10134 10135 4aa6ae RegSetValueExW 10134->10135 10135->10103 10139 4ab48d 10136->10139 10137 4ab559 10137->9770 10138 4a86d0 RtlFreeHeap 10138->10137 10141 4ab4bc 10139->10141 10512 4ae6e4 10139->10512 10141->10137 10141->10138 10144 4abab6 10142->10144 10143 4ababa 10143->9719 10144->10143 10518 4b5424 10144->10518 10146 4abe6a 10148 4abe7e 10146->10148 10149 4a86d0 RtlFreeHeap 10146->10149 10147 4a86d0 RtlFreeHeap 10147->10146 10150 4abe92 10148->10150 10152 4a86d0 RtlFreeHeap 10148->10152 10149->10148 10151 4abea6 10150->10151 10153 4a86d0 RtlFreeHeap 10150->10153 10151->9719 10152->10150 10153->10151 10154 4abc31 10155 4ad494 NtQueryInformationToken 10154->10155 10159 4abc40 10154->10159 10156 4abd02 10155->10156 10157 4a8c4c RtlAllocateHeap 10156->10157 10156->10159 10158 4abd45 10157->10158 10158->10159 10160 4a8c4c RtlAllocateHeap 10158->10160 10159->10146 10159->10147 10161 4abd65 10160->10161 10161->10159 
10162 4a8c4c RtlAllocateHeap 10161->10162 10162->10159 10165 4aa7a1 10163->10165 10164 4aa99c 10164->9765 10165->10164 10166 4ad1e0 2 API calls 10165->10166 10166->10164 10168 4a8c4c RtlAllocateHeap 10167->10168 10172 4b3437 10168->10172 10169 4b3578 10171 4b3586 10169->10171 10174 4a86d0 RtlFreeHeap 10169->10174 10170 4a86d0 RtlFreeHeap 10170->10169 10175 4b3594 10171->10175 10176 4a86d0 RtlFreeHeap 10171->10176 10181 4b3440 10172->10181 10521 4b3388 10172->10521 10174->10171 10184 4b37f8 10175->10184 10176->10175 10177 4b3474 10178 4a8798 RtlAllocateHeap 10177->10178 10177->10181 10179 4b348f 10178->10179 10180 4a8c4c RtlAllocateHeap 10179->10180 10179->10181 10182 4b34f5 10180->10182 10181->10169 10181->10170 10183 4a86d0 RtlFreeHeap 10182->10183 10183->10181 10185 4b38fc 10184->10185 10189 4b392a 10185->10189 10524 4b3704 10185->10524 10187 4b39bb 10190 4b317c 10187->10190 10188 4a86d0 RtlFreeHeap 10188->10187 10189->10187 10189->10188 10191 4b3194 10190->10191 10192 4a8c4c RtlAllocateHeap 10191->10192 10193 4b31ce 10192->10193 10194 4b31d7 10193->10194 10195 4a86d0 RtlFreeHeap 10193->10195 10194->9755 10195->10194 10204 4a9400 10196->10204 10198 4a93f0 10198->9999 10199 4a9344 10199->10198 10200 4a9376 FindFirstFileExW 10199->10200 10200->10198 10202 4a939e 10200->10202 10201 4a93dc FindNextFileW 10201->10198 10201->10202 10202->10201 10210 4a94dc 10202->10210 10205 4a9420 FindFirstFileExW 10204->10205 10207 4a94d2 10205->10207 10209 4a947e FindClose 10205->10209 10207->10199 10209->10207 10211 4a94fe 10210->10211 10212 4a9692 10211->10212 10213 4a86a8 RtlAllocateHeap 10211->10213 10212->10201 10217 4a9516 10213->10217 10214 4a966d 10215 4a9684 10214->10215 10216 4a86d0 RtlFreeHeap 10214->10216 10215->10212 10218 4a86d0 RtlFreeHeap 10215->10218 10216->10215 10217->10214 10219 4a954e FindFirstFileExW 10217->10219 10218->10212 10219->10214 10221 4a9576 10219->10221 10220 4a9655 FindNextFileW 10220->10214 10220->10221 10221->10220 10222 4a86a8 RtlAllocateHeap 
10221->10222 10223 4a95f0 GetFileAttributesW 10221->10223 10225 4a86d0 RtlFreeHeap 10221->10225 10226 4a94dc 12 API calls 10221->10226 10227 4a84cc 10221->10227 10222->10221 10223->10221 10225->10221 10226->10221 10228 4a84e2 10227->10228 10228->10228 10247 4abeb4 FindFirstFileExW 10228->10247 10231 4a8509 CreateFileW 10235 4a8609 10231->10235 10236 4a8531 10231->10236 10232 4a8536 NtAllocateVirtualMemory 10233 4a8567 10232->10233 10232->10236 10233->10235 10242 4a85c7 WriteFile 10233->10242 10234 4a8638 NtFreeVirtualMemory 10234->10235 10235->10234 10237 4a865d 10235->10237 10236->10232 10236->10233 10238 4a866c 10237->10238 10239 4a8663 NtClose 10237->10239 10250 4a83c8 10238->10250 10239->10238 10242->10233 10244 4a85e1 SetFilePointerEx 10242->10244 10243 4a8685 10245 4a869a 10243->10245 10246 4a86d0 RtlFreeHeap 10243->10246 10244->10233 10244->10242 10245->10221 10246->10245 10248 4a84f9 10247->10248 10249 4abee5 FindClose 10247->10249 10248->10231 10248->10235 10249->10248 10259 4a8798 10250->10259 10253 4a8798 RtlAllocateHeap 10256 4a83f7 10253->10256 10254 4a8481 DeleteFileW 10254->10243 10255 4a86d0 RtlFreeHeap 10255->10254 10257 4a8442 MoveFileExW 10256->10257 10258 4a83eb 10256->10258 10257->10256 10257->10258 10258->10254 10258->10255 10260 4a87ae 10259->10260 10261 4a83e2 10260->10261 10262 4a86a8 RtlAllocateHeap 10260->10262 10261->10253 10261->10258 10262->10261 10267 4afc73 10263->10267 10264 4afcd5 ReadFile 10264->10267 10265 4afe92 WriteFile 10265->10267 10266 4aff38 NtClose 10266->10267 10267->10264 10267->10265 10267->10266 10268 4a86d0 RtlFreeHeap 10267->10268 10269 4afcc6 10267->10269 10270 4afe19 WriteFile 10267->10270 10268->10267 10270->10267 10271->10037 10273 4a8800 10272->10273 10274 4a8816 10273->10274 10275 4a86a8 RtlAllocateHeap 10273->10275 10274->10040 10275->10274 10277 4ac2e8 10276->10277 10278 4ac344 10276->10278 10292 4ac290 GetLogicalDriveStringsW 10276->10292 10279 4ac31a ResumeThread 10277->10279 10280 4ad1e0 2 API calls 
10277->10280 10278->10044 10281 4ac32e GetExitCodeThread 10279->10281 10282 4ac2f9 10280->10282 10281->10278 10282->10279 10283 4ac2fd 10282->10283 10283->10044 10285 4ac06f 10284->10285 10286 4ac013 10284->10286 10293 4abfd0 GetDriveTypeW 10284->10293 10285->10059 10287 4ac045 ResumeThread 10286->10287 10288 4ad1e0 2 API calls 10286->10288 10290 4ac059 GetExitCodeThread 10287->10290 10289 4ac024 10288->10289 10289->10287 10291 4ac028 10289->10291 10290->10285 10291->10059 10295 4b0e4b SetThreadPriority 10294->10295 10296 4b0ded 10294->10296 10299 4b0e5a 10295->10299 10297 4b0e3d 10296->10297 10298 4abeb4 2 API calls 10296->10298 10300 4a86d0 RtlFreeHeap 10297->10300 10301 4b0e07 10298->10301 10302 4a86a8 RtlAllocateHeap 10299->10302 10303 4b0e45 10300->10303 10301->10297 10304 4b0e17 10301->10304 10320 4b0e79 10302->10320 10305 4adfbc 11 API calls 10304->10305 10307 4b0e21 10305->10307 10309 4b0a38 13 API calls 10307->10309 10311 4b0e37 10309->10311 10310 4a86d0 RtlFreeHeap 10312 4b0ea9 FindFirstFileExW 10310->10312 10312->10320 10313 4a86d0 RtlFreeHeap 10313->10320 10314 4b101e 10315 4a86d0 RtlFreeHeap 10314->10315 10317 4b1041 10315->10317 10316 4b0fe6 FindNextFileW 10318 4b0ffe FindClose 10316->10318 10316->10320 10318->10320 10319 4b0c94 RtlAllocateHeap 10319->10320 10320->10310 10320->10313 10320->10314 10320->10316 10320->10319 10322 4adfbc 10320->10322 10341 4b0c30 10320->10341 10345 4b0a38 10320->10345 10323 4adfd8 10322->10323 10340 4adfd3 10322->10340 10324 4a8798 RtlAllocateHeap 10323->10324 10325 4adfe2 10324->10325 10326 4adff0 GetFileAttributesW 10325->10326 10325->10340 10327 4ae000 10326->10327 10328 4ae05e 10327->10328 10329 4ae045 10327->10329 10331 4ae066 10328->10331 10332 4ae075 GetFileAttributesW 10328->10332 10330 4ae0ac 6 API calls 10329->10330 10333 4ae04d 10330->10333 10376 4ae0ac CreateFileW 10331->10376 10335 4ae08e CopyFileW 10332->10335 10336 4ae082 10332->10336 10338 4a86d0 RtlFreeHeap 10333->10338 10337 4a86d0 RtlFreeHeap 

                                              Control-flow Graph

                                              [Control-flow graph not preserved. First block: 4b1f84-4b2039. API calls in the graph, in order of appearance: GetTempFileNameW, CreateFileW, WriteFile, CreateProcessW, NtQueryInformationProcess, NtReadVirtualMemory, NtProtectVirtualMemory, NtWriteVirtualMemory, NtDuplicateObject, CreateNamedPipeW, ResumeThread, ConnectNamedPipe.]
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              • Associated: 00000000.00000002.1747614628.00000000004A0000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747653647.00000000004BC000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747672383.00000000004BD000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747696907.00000000004C6000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747717753.00000000004C8000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747744084.00000000004CA000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_4a0000_LBB.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: D
                                              • API String ID: 0-2746444292
                                              • Opcode ID: 5bb61432e168e0f45e80688f3da8bc46a1e8768dad86a6f963ca77902de98df7
                                              • Instruction ID: 71c6f35d3a8715254f40e51045d1469bf8352b56f50f4289e5f26f9f23e449e4
                                              • Opcode Fuzzy Hash: 5bb61432e168e0f45e80688f3da8bc46a1e8768dad86a6f963ca77902de98df7
                                              • Instruction Fuzzy Hash: 9AE14C71900218EFDF509FA0DD49FEEBBB8FB04304F1040A6E609B61A1D7B95A85DF69

                                              Control-flow Graph

                                              [Control-flow graph not preserved. First block: 4aaff8-4ab2cb. API calls in the graph, in order of appearance: RegCreateKeyExW, RegEnumKeyW, RegSetValueExW, OpenEventLogW, ClearEventLogW.]
                                              APIs
                                              • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 004AB2C3
                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 004AB2EA
                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 004AB320
                                              • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 004AB342
                                              • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 004AB360
                                              • OpenEventLogW.ADVAPI32(00000000,?), ref: 004AB373
                                              • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 004AB387
                                              • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 004AB3E2
                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 004AB405
                                              • OpenEventLogW.ADVAPI32(00000000,?), ref: 004AB41D
                                              • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 004AB431
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              • Associated: 00000000.00000002.1747614628.00000000004A0000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747653647.00000000004BC000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747672383.00000000004BD000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747696907.00000000004C6000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747717753.00000000004C8000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747744084.00000000004CA000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_4a0000_LBB.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Event$Create$ClearEnumOpenValue
                                              • String ID:
                                              • API String ID: 1260815474-0
                                              • Opcode ID: 40fa479b90d6ba69903045b83240014162bee408c47904ecfcdda0194f28da29
                                              • Instruction ID: a94f30b9d19a61e7df17991bb0394bd21d8e633437061f55ce2c9f26df0ac9aa
                                              • Opcode Fuzzy Hash: 40fa479b90d6ba69903045b83240014162bee408c47904ecfcdda0194f28da29
                                              • Instruction Fuzzy Hash: F4C113B0500308EFDB50AF59D845F997F34AB26714F1280D9E2146F2B2C7B68A64CF98

                                              Control-flow Graph

                                              APIs
                                              • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 004AC4F6
                                              • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 004AC51F
                                              • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 004AC55A
                                              • GetDriveTypeW.KERNELBASE(?), ref: 004AC57D
                                              • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 004AC630
                                              • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 004AC661
                                              Strings
                                              Yara matches
                                              Similarity
                                              • API ID: Volume$Name$ControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                                              • String ID: '
                                              • API String ID: 754975672-1997036262
                                              • Opcode ID: 27039f22166a554f1ade9cf3a5010280f196ddfa867acca9fa7c96429520fac8
                                              • Instruction ID: 35b91f19db8252e20eedb53b898f949959728588e1493fde125d4fbe4a9a6619
                                              • Opcode Fuzzy Hash: 27039f22166a554f1ade9cf3a5010280f196ddfa867acca9fa7c96429520fac8
                                              • Instruction Fuzzy Hash: 1A71B230805614FFDBB19B10DC89F9B7BB8EF22315F1480B6E105A62A1D7785A45CFAE

                                              Control-flow Graph

                                              APIs
                                                • Part of subcall function 004A86A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004B91D4,?,00000000,00000000), ref: 004A86C4
                                              • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004AE2FA
                                              • WriteFile.KERNELBASE(000000FF,00000000,000000FF,?,00000000), ref: 004AE31A
                                              • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 004AE343
                                              • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 004AE375
                                              • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 004AE3F4
                                              • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 004AE428
                                              • SHChangeNotify.SHELL32(08000000,00001000,00000000,00000000), ref: 004AE440
                                              • NtClose.NTDLL(?), ref: 004AE450
                                              Yara matches
                                              Similarity
                                              • API ID: Create$FileValue$AllocateChangeCloseHeapNotifyWrite
                                              • String ID:
                                              • API String ID: 1108940941-0
                                              • Opcode ID: 952a7983f5255925d10ea2c0aaab1848a9481abda4a01f47b0bdad0f8697c86d
                                              • Instruction ID: eafa84304eee701410d6022164829c53f42b180dc22494d5be222b43cb9888c3
                                              • Opcode Fuzzy Hash: 952a7983f5255925d10ea2c0aaab1848a9481abda4a01f47b0bdad0f8697c86d
                                              • Instruction Fuzzy Hash: D7519070A04209BBEB208FA5DC49FAE7B7CFB04704F144165F614E61D0D7B5AA58CFA9

                                              Control-flow Graph

                                              APIs
                                              • CreateFileW.KERNELBASE(004A9646,40000000,00000003,00000000,00000003,80000000,00000000,004A9646,?,?,00000000,?), ref: 004A851E
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 004A8557
                                              • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 004A85D5
                                              • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 004A85F1
                                              • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 004A8651
                                              • NtClose.NTDLL(000000FF,?,00000000,?), ref: 004A8666
                                              • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 004A867B
                                              Yara matches
                                              Similarity
                                              • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                                              • String ID:
                                              • API String ID: 3569053182-0
                                              • Opcode ID: c1b9d9ec01ff6bbed86b65fab30420d8f77fd7bfe540fca8eaa41022617c9ba1
                                              • Instruction ID: 3d5cd4669f1d0fd0f96fc5beafd04e408ebfbcf3699113340537c4f33471d823
                                              • Opcode Fuzzy Hash: c1b9d9ec01ff6bbed86b65fab30420d8f77fd7bfe540fca8eaa41022617c9ba1
                                              • Instruction Fuzzy Hash: 63514F71D00209BFEF11CFA4DC44BEEBBB9EB29314F20012AF611B6190DB795A85CB59

                                              Control-flow Graph

                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 004AE0CA
                                              • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,Function_00028000,?,?,?,00000000), ref: 004AE12B
                                              • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 004AE164
                                              Yara matches
                                              Similarity
                                              • API ID: File$Write$Create
                                              • String ID:
                                              • API String ID: 1602526932-0
                                              • Opcode ID: dc323df7dff8551c8a4fa5a8725bff008f4deba463078d6111beeadad2f754dc
                                              • Instruction ID: 3c04c4ef3d01e6d149bd0dd04cbf3db8a2a5539fadd444ed5322e3d5605876e6
                                              • Opcode Fuzzy Hash: dc323df7dff8551c8a4fa5a8725bff008f4deba463078d6111beeadad2f754dc
                                              • Instruction Fuzzy Hash: 44413971A0410CFFDB00DB95EC05FEEFBBAEB55312F5041A6EA04A2291D7714E14DB99

                                              Control-flow Graph

                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 004AFC6D
                                              • ReadFile.KERNELBASE(?,?,?,?,?), ref: 004AFCFF
                                              Yara matches
                                              Similarity
                                              • API ID: FilePriorityReadThread
                                              • String ID:
                                              • API String ID: 3643687941-0
                                              • Opcode ID: 2369ff562f157aabea60fa201d17b06c5a1910576f8bf64c4df03bab2e4323a9
                                              • Instruction ID: 0a73b8f558625b3db1ca61ec3c6d7640f78962c9c555c7ac9b814afd35756691
                                              • Opcode Fuzzy Hash: 2369ff562f157aabea60fa201d17b06c5a1910576f8bf64c4df03bab2e4323a9
                                              • Instruction Fuzzy Hash: DBA18DB1504604EFDF618F90CDC4FA637BCEB2A314F2002B7E906891A5D778DA49DB5A

                                              Control-flow Graph

                                              APIs
                                              • GetFileAttributesW.KERNELBASE(?), ref: 004B0DE0
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 004B0E4F
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,004C7180,003D0900), ref: 004B0EBC
                                              • FindNextFileW.KERNELBASE(000000FF,?), ref: 004B0FF0
                                              • FindClose.KERNELBASE(000000FF), ref: 004B1001
                                                • Part of subcall function 004ABEB4: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 004ABED6
                                                • Part of subcall function 004ABEB4: FindClose.KERNELBASE(000000FF), ref: 004ABEFC
                                              Yara matches
                                              Similarity
                                              • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                                              • String ID:
                                              • API String ID: 3755735135-0
                                              • Opcode ID: 80d4f6c3ea2e9385c6342ce10e1453afffaf259ed4d2a159843adf94ee5186d8
                                              • Instruction ID: dd083b6aa70d78560cf0c8e3fdae99e61e322c6c14610cf133b294a5dd96bff8
                                              • Opcode Fuzzy Hash: 80d4f6c3ea2e9385c6342ce10e1453afffaf259ed4d2a159843adf94ee5186d8
                                              • Instruction Fuzzy Hash: 58618A30908209AFDF21AFA0CC05BFFBB75AF15346F10056BE805652A1DBB98D91DB6D

                                              Control-flow Graph

                                              APIs
                                                • Part of subcall function 004A86A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004B91D4,?,00000000,00000000), ref: 004A86C4
                                              • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 004A9563
                                              • GetFileAttributesW.KERNELBASE(00000000), ref: 004A95F6
                                              • FindNextFileW.KERNELBASE(000000FF,?), ref: 004A965F
                                              Strings
                                              Yara matches
                                              Similarity
                                              • API ID: File$Find$AllocateAttributesFirstHeapNext
                                              • String ID: *
                                              • API String ID: 2400493143-163128923
                                              • Opcode ID: 38cdd61b50e5ecf2150751759c0154cf0ed97f71e7f3bf5e5d68845a64e6d865
                                              • Instruction ID: f19e005ae5daef686fc2234c27ca8fad19be2416875fb214d84610b399811288
                                              • Opcode Fuzzy Hash: 38cdd61b50e5ecf2150751759c0154cf0ed97f71e7f3bf5e5d68845a64e6d865
                                              • Instruction Fuzzy Hash: 5E416870C04118EBDF11AFA1DC09BAEBB78FF21309F044066E415A11A0DB7A4E64DF9E

                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,004AAD98,00000000,00000000,00000000), ref: 004B8BF3
                                              • CreateThread.KERNELBASE(00000000,00000000,004A9C88,00000000,00000000,00000000), ref: 004B8C3F
                                              • NtTerminateThread.NTDLL(?,00000000), ref: 004B8CE0
                                              • CreateThread.KERNELBASE(00000000,00000000,004AB458,00000000,00000000,00000000), ref: 004B8D07
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: Thread$Create$Terminate
                                              • String ID:
                                              • API String ID: 1922322686-0

                                              APIs
                                              • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 004A7B73
                                              • FindClose.KERNELBASE(000000FF,?,00000000), ref: 004A7B98
                                              • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 004A7BBD
                                              • FindClose.KERNELBASE(000000FF), ref: 004A7BCA
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: Find$CloseFile$FirstNext
                                              • String ID:
                                              • API String ID: 1164774033-0
                                              APIs
                                              • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,004B8C75), ref: 004AD571
                                              • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 004AD583
                                              • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 004AD598
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: InformationProcess
                                              • String ID:
                                              • API String ID: 1801817001-0
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,CF75D174), ref: 004AD2D1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-3916222277
                                              APIs
                                                • Part of subcall function 004A86A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004B91D4,?,00000000,00000000), ref: 004A86C4
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004A9CAE
                                              • Sleep.KERNELBASE(000007D0,?), ref: 004A9D75
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: AllocateHeapInformationQuerySleepSystem
                                              • String ID:
                                              • API String ID: 3184523392-0
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 004AADBA
                                                • Part of subcall function 004AB5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                                • Part of subcall function 004AB6A4: NtClose.NTDLL(00000000), ref: 004AB795
                                              • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,86FC5592), ref: 004AADF1
                                                • Part of subcall function 004AABD8: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,2AD8ADAB), ref: 004AAC16
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: Information$AdjustCloseManagerOpenPrivilegeQuerySystemThread
                                              • String ID:
                                              • API String ID: 1903255304-0
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 004AADBA
                                                • Part of subcall function 004AB5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                                • Part of subcall function 004AB6A4: NtClose.NTDLL(00000000), ref: 004AB795
                                              • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,86FC5592), ref: 004AADF1
                                                • Part of subcall function 004AABD8: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,2AD8ADAB), ref: 004AAC16
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: Information$AdjustCloseManagerOpenPrivilegeQuerySystemThread
                                              • String ID:
                                              • API String ID: 1903255304-0
                                              APIs
                                                • Part of subcall function 004A9400: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004A946F
                                                • Part of subcall function 004A9400: FindClose.KERNELBASE(000000FF), ref: 004A94CC
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004A938F
                                              • FindNextFileW.KERNELBASE(000000FF,?), ref: 004A93E6
                                                • Part of subcall function 004A94DC: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 004A9563
                                                • Part of subcall function 004A94DC: GetFileAttributesW.KERNELBASE(00000000), ref: 004A95F6
                                                • Part of subcall function 004A94DC: FindNextFileW.KERNELBASE(000000FF,?), ref: 004A965F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: FileFind$First$Next$AttributesClose
                                              • String ID:
                                              • API String ID: 95010735-0
                                              APIs
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004A946F
                                              • FindClose.KERNELBASE(000000FF), ref: 004A94CC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: Find$CloseFileFirst
                                              • String ID:
                                              • API String ID: 2295610775-0
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004A9CAE
                                              • Sleep.KERNELBASE(000007D0,?), ref: 004A9D75
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              Similarity
                                              • API ID: InformationQuerySleepSystem
                                              • String ID:
                                              • API String ID: 3518162127-0
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004A9CAE
                                              • Sleep.KERNELBASE(000007D0,?), ref: 004A9D75
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              • Associated: 00000000.00000002.1747614628.00000000004A0000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747653647.00000000004BC000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747672383.00000000004BD000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747696907.00000000004C6000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747717753.00000000004C8000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1747744084.00000000004CA000.00000002.00000001.01000000.00000003.sdmp
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,004AFC5C,00000000,00000000,00000000,?,00000000), ref: 004B0021
                                                • Part of subcall function 004AD264: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,004A83B9,00000000,004C7864,004A8208,00000000,00000000,004C7850,004A81F0,00000000,00000000,004C7844), ref: 004AD285
                                              • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 004B0034
                                              APIs
                                              • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 004AD244
                                              • NtClose.NTDLL(00000008), ref: 004AD252
                                              APIs
                                              • GetLogicalDriveStringsW.KERNELBASE(00000104,?,?,00000000), ref: 004A92EF
                                              • GetDriveTypeW.KERNELBASE(?,?,00000000), ref: 004A9305
                                              APIs
                                              • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 004ABED6
                                              • FindClose.KERNELBASE(000000FF), ref: 004ABEFC
                                              APIs
                                              • NtQueryDefaultUILanguage.NTDLL(?), ref: 004A9F02
                                              APIs
                                                • Part of subcall function 004A86A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004B91D4,?,00000000,00000000), ref: 004A86C4
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                              APIs
                                              • NtQueryInformationToken.NTDLL(00000000,00000001,?,00000028,?,00000000), ref: 004A8B43
                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004A78ED
                                              APIs
                                              • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 004AD4BE
                                              APIs
                                              • NtTerminateProcess.NTDLL(004AAFC4,00000000), ref: 004AFAA7
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                              APIs
                                              • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                              APIs
                                              • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,004A83B9,00000000,004C7864,004A8208,00000000,00000000,004C7850,004A81F0,00000000,00000000,004C7844), ref: 004AD285
                                              Similarity
                                              • API ID: InformationThread
                                              • String ID:
                                              • API String ID: 4046476035-0
                                              • Opcode ID: 266a737ebc348b2dd2d6fd49c832c49c27fcb2f212cb584adf3ffb5c7d56a1cc
                                              • Instruction ID: cef9e7bd23c64799393b35069216cf0990242c9922f6ec1641bf3dbab4805242
                                              • Opcode Fuzzy Hash: 266a737ebc348b2dd2d6fd49c832c49c27fcb2f212cb584adf3ffb5c7d56a1cc
                                              • Instruction Fuzzy Hash: C1D0A7B399420CEFEB109B54DC05FB7375CD336341F104225B507C5090D6B4E450D69C

                                              Control-flow Graph

                                              APIs
                                              Similarity
                                              • API ID: Create$Text$DialogParam$ColorLoadSelect$BrushCommandLibraryLineNameObjectPixelSolid$AtomAttributesBitmapCharsetClassExitFileFontHeapImageMetricsPaletteProcess
                                              • String ID:
                                              • API String ID: 1334329500-0
                                              • Opcode ID: b7ce21211d796a7f572219f91558f2718c60a46d86047387532c48e90006006f
                                              • Instruction ID: 97b2b98166dce0415a9c0908b18cab4bc1f53390c0ee15ffef1a06fa2baa1a35
                                              • Opcode Fuzzy Hash: b7ce21211d796a7f572219f91558f2718c60a46d86047387532c48e90006006f
                                              • Instruction Fuzzy Hash: 61F02551454265E9CA6037F7449B6ED26C44EAE31DB10742FBB85448D31E2E0C63867F

                                              Control-flow Graph

                                              control_flow_graph 94, starting at 4aa060 (edge list omitted). API calls appearing in the graph, in order: GetTextExtentPoint32W, DrawTextW, CreateFileW, WriteFile (three calls), RegCreateKeyExW, RegSetValueExW (two calls)
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: ($BM
                                              • API String ID: 0-2980357723
                                              • Opcode ID: f9ef337e80c97cc4f3e1ade8ce31c849f588b4e2bf2b61b80494ceb7b706c9aa
                                              • Instruction ID: 8036773608a1cbd32fab5035df418bb0f5f4a9860206147ebf52e22cdad03326
                                              • Opcode Fuzzy Hash: f9ef337e80c97cc4f3e1ade8ce31c849f588b4e2bf2b61b80494ceb7b706c9aa
                                              • Instruction Fuzzy Hash: 05225D71900208EFEF109F94DC49FAEBB74FF25304F14406AE111BA2A0D77A8965DF6A

                                              Control-flow Graph

                                              control_flow_graph 784 4b0244-4b0282 SetFileAttributesW CreateFileW 785 4b02f9-4b0300 784->785 786 4b0284-4b02a1 SetFilePointerEx 784->786 787 4b02a3-4b02c0 ReadFile 786->787 788 4b02f0 786->788 787->788 789 4b02c2-4b02d7 call 4b0138 787->789 788->785 789->788 792 4b02d9-4b02e1 789->792 793 4b02ea-4b02eb call 4a86d0 792->793 794 4b02e3 792->794 793->788 794->793
                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 004B025D
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004B0275
                                              • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 004B0299
                                              • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 004B02B8
                                              Similarity
                                              • API ID: File$AttributesCreatePointerRead
                                              • String ID:
                                              • API String ID: 4170910816-0
                                              • Opcode ID: ac27a0ce9fdd1a5167bbaf464f815782e7fc883049c8d170519e848853cc616a
                                              • Instruction ID: ce15f6e45848370ab8e7cc49a6092cfdfa7267ee710d5ca6f06dce5b8468ea6f
                                              • Opcode Fuzzy Hash: ac27a0ce9fdd1a5167bbaf464f815782e7fc883049c8d170519e848853cc616a
                                              • Instruction Fuzzy Hash: 47115430A80209FBEB249FA5DC49F9E7B79FB04741F5081A5B604B61D0DB74AE558F2C

                                              Control-flow Graph

                                              control_flow_graph 796 4b2968-4b29f6 call 4a1228 * 2 802 4b2abe-4b2ae5 RegCreateKeyExW 796->802 803 4b29fc-4b2a61 796->803 804 4b2aeb-4b2b18 RegQueryValueExW 802->804 805 4b2b93-4b2b99 802->805 820 4b2ab9 803->820 821 4b2a63-4b2a7f 803->821 807 4b2b1a-4b2b43 804->807 808 4b2b4c-4b2b64 call 4a8cb8 804->808 807->808 812 4b2b45 807->812 816 4b2b81-4b2b88 808->816 817 4b2b66-4b2b7f RegDeleteKeyExW 808->817 812->808 816->805 817->805 820->805 823 4b2a81-4b2aa7 821->823 824 4b2ab0 821->824 823->824 826 4b2aa9 823->826 824->820 826->824
                                              APIs
                                              • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000), ref: 004B2ADD
                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000004,00000004,00000004), ref: 004B2B10
                                              • RegDeleteKeyExW.KERNELBASE(80000002,?,00000100,00000000,000000FF,00000000), ref: 004B2B79
                                              Similarity
                                              • API ID: CreateDeleteQueryValue
                                              • String ID:
                                              • API String ID: 1796729037-0
                                              • Opcode ID: 691847954f14e84b0b6904f29e9dc8440d3dbd2d368107bd64d148b75313e147
                                              • Instruction ID: 4e24e14923d59a2da823e06abd39d6767dc7f61660f7ee5e124fe8369fd39fad
                                              • Opcode Fuzzy Hash: 691847954f14e84b0b6904f29e9dc8440d3dbd2d368107bd64d148b75313e147
                                              • Instruction Fuzzy Hash: 06513BB1A00219AFEB11DF94CC49FEEBBB8FB04714F0041A5F614EA1A1D7B49A54CF69
                                              APIs
                                                • Part of subcall function 004B0194: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 004B01B5
                                                • Part of subcall function 004B0194: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 004B01CD
                                                • Part of subcall function 004B0244: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 004B025D
                                                • Part of subcall function 004B0244: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004B0275
                                                • Part of subcall function 004B0244: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 004B0299
                                                • Part of subcall function 004B0244: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 004B02B8
                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 004B0ABB
                                              • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 004B0B7C
                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,48000000,00000000,00000000,?,00000000,?), ref: 004B0B32
                                                • Part of subcall function 004A86D0: RtlFreeHeap.NTDLL(?,00000000,00000000,?,004B9264,00000000), ref: 004A86EC
                                              Similarity
                                              • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                                              • String ID:
                                              • API String ID: 97630321-0
                                              • Opcode ID: 05803db5dcef6249ad9d1a83a4619970c59d6b79195e1a28b26dd84fc814e373
                                              • Instruction ID: 48455131b306112be38bba27b4186e6edcc2e651d9f96ab0bcfa49c03b5bd668
                                              • Opcode Fuzzy Hash: 05803db5dcef6249ad9d1a83a4619970c59d6b79195e1a28b26dd84fc814e373
                                              • Instruction Fuzzy Hash: BF515730904208FBEF216FA1DC09FDE7F75EB1430AF10806AB515641A1DB799A60EF6D
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e59b357c0645c65a784f2a29ad12e5ab670d92226dd3c36728fc06fe35167358
                                              • Instruction ID: 5ef89bae7227f107c82509e4eeb0e15acd8666d084f5047d0f222d5bc05b51c7
                                              • Opcode Fuzzy Hash: e59b357c0645c65a784f2a29ad12e5ab670d92226dd3c36728fc06fe35167358
                                              • Instruction Fuzzy Hash: FF21EA30808118EFDF61AF62DD45B9D7BB1AF26314F6041A6E111651B1C7BA0E64BF0E
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,004AC290,?,00000004,00000000), ref: 004AC2D9
                                              • ResumeThread.KERNELBASE(00000000), ref: 004AC31D
                                              • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 004AC335
                                              Similarity
                                              • API ID: Thread$CodeCreateExitResume
                                              • String ID:
                                              • API String ID: 4070214711-0
                                              • Opcode ID: 50376b1cd4d5437d27f755fc59e3573bfcf0315290f44d662342da785ffcec4d
                                              • Instruction ID: 12da9ef7226fd99ec4aa459c1f6b9ad1e65525ac32c86e5c5be17fadccdbeb3b
                                              • Opcode Fuzzy Hash: 50376b1cd4d5437d27f755fc59e3573bfcf0315290f44d662342da785ffcec4d
                                              • Instruction Fuzzy Hash: 6811C035904208FFDF50DF94DD49B9DBBB4EB14312F2081A6F915A62A0D7715A50EF48
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,004ABFD0,?,00000004,00000000), ref: 004AC004
                                              • ResumeThread.KERNELBASE(00000000), ref: 004AC048
                                              • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 004AC060
                                              Similarity
                                              • API ID: Thread$CodeCreateExitResume
                                              • String ID:
                                              • API String ID: 4070214711-0
                                              • Opcode ID: cafcdb6648c7c0b6a2864f4d6f458a84b36b46ec26fc11b26f69f7256f1d0bfc
                                              • Instruction ID: 4920ba994559cfb0e25e519477df1c2893025e613f9822d7be33a4c47f02de83
                                              • Opcode Fuzzy Hash: cafcdb6648c7c0b6a2864f4d6f458a84b36b46ec26fc11b26f69f7256f1d0bfc
                                              • Instruction Fuzzy Hash: FA111531908208FFDF919F94DD0AB8DBF70EB14315F2041A1F904A22A0DB755B50EF48
                                              APIs
                                              • CoInitialize.OLE32(00000000), ref: 004A96C3
                                              Strings
                                              Similarity
                                              • API ID: Initialize
                                              • String ID: @
                                              • API String ID: 2538663250-2766056989
                                              • Opcode ID: 5f8ddbec6a975f2a817e7bc772d782bba3c994bb02e0f742dc522ff2e545968b
                                              • Instruction ID: b01a5d5c65a284df35854b8f082f484368e718be34c070a5a6b7f377c2c6d1c9
                                              • Opcode Fuzzy Hash: 5f8ddbec6a975f2a817e7bc772d782bba3c994bb02e0f742dc522ff2e545968b
                                              • Instruction Fuzzy Hash: 24D158B0900209EFDB10DF94C889F9ABBB8FF16700F11859AE114AF2A1D775DA55CFA4
                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 004B01B5
                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 004B01CD
                                              • API ID: File$AttributesCreate
                                              APIs
                                              • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 004B0ABB
                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,48000000,00000000,00000000,?,00000000,?), ref: 004B0B32
                                              • API ID: File$CreateMove
                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 004B01B5
                                              • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 004B01CD
                                              • API ID: File$AttributesCreate
                                              • API ID: CreateThread
                                              APIs
                                              • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,BF092720,?,?,004BB47A), ref: 004A823D
                                              • API ID: CreateHeap
                                              APIs
                                              • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,BF092720,?,?,004BB47A), ref: 004A823D
                                                • Part of subcall function 004AD264: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,004A83B9,00000000,004C7864,004A8208,00000000,00000000,004C7850,004A81F0,00000000,00000000,004C7844), ref: 004AD285
                                                • Part of subcall function 004AD290: NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,CF75D174), ref: 004AD2D1
                                              • API ID: CreateHeapInformationMemoryProtectThreadVirtual
                                              APIs
                                                • Part of subcall function 004A7AA0: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 004A7B73
                                                • Part of subcall function 004A7AA0: FindClose.KERNELBASE(000000FF,?,00000000), ref: 004A7B98
                                              • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,004A8280,004C7408,004A7D64,00000000,00000000,29667813), ref: 004A7C60
                                              • API ID: Find$AllocateCloseFileFirstHeap
                                              APIs
                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 004A9B2F
                                                • Part of subcall function 004A86A8: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004B91D4,?,00000000,00000000), ref: 004A86C4
                                              • API ID: AllocateHeapManagerOpen
                                              APIs
                                                • Part of subcall function 004AAE6C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 004AAE8E
                                              • CloseServiceHandle.ADVAPI32(00000000), ref: 004AAFDF
                                                • Part of subcall function 004AFA44: NtTerminateProcess.NTDLL(004AAFC4,00000000), ref: 004AFAA7
                                              • API ID: AdjustCloseHandlePrivilegeProcessServiceTerminate
                                              APIs
                                                • Part of subcall function 004AB5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                              • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,2AD8ADAB), ref: 004AAC16
                                              • API ID: InformationManagerOpenQuerySystem
                                              APIs
                                              • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 004B132B
                                              • API ID: Initialize
                                              APIs
                                              • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 004ABA6B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1747631191.00000000004A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 004A0000, based on PE: true
                                              • Associated: 00000000.00000002.1747614628.00000000004A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1747653647.00000000004BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1747672383.00000000004BD000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1747696907.00000000004C6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1747717753.00000000004C8000.00000008.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.1747744084.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_4a0000_LBB.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateMutex
                                              • String ID:
                                              • API String ID: 1964310414-0
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 004AAE8E
                                                • Part of subcall function 004AB5FC: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 004AB629
                                                • Part of subcall function 004AB6A4: NtClose.NTDLL(00000000), ref: 004AB795
                                              Yara matches
                                              Similarity
                                              • API ID: AdjustCloseInformationPrivilegeQuerySystem
                                              • String ID:
                                              • API String ID: 327775174-0
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 004AD547
                                              Yara matches
                                              Similarity
                                              • API ID: AdjustPrivilege
                                              • String ID:
                                              • API String ID: 3260937286-0
                                              APIs
                                              • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,004AB649,?,00000400), ref: 004A8717
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              APIs
                                              • RtlFreeHeap.NTDLL(?,00000000,00000000,?,004B9264,00000000), ref: 004A86EC
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              APIs
                                              • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,004B91D4,?,00000000,00000000), ref: 004A86C4
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              APIs
                                              • CheckTokenMembership.KERNELBASE(00000000,004AD2EC,?), ref: 004AD30D
                                              Yara matches
                                              Similarity
                                              • API ID: CheckMembershipToken
                                              • String ID:
                                              • API String ID: 1351025785-0
                                              APIs
                                              • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 004AC29B
                                              Yara matches
                                              Similarity
                                              • API ID: DriveLogicalStrings
                                              • String ID:
                                              • API String ID: 2022863570-0
                                              APIs
                                              • GetDriveTypeW.KERNELBASE(?), ref: 004ABFD6
                                              Yara matches
                                              Similarity
                                              • API ID: DriveType
                                              • String ID:
                                              • API String ID: 338552980-0

                                              Execution Graph

                                              Execution Coverage:46.8%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:0.9%
                                              Total number of Nodes:213
                                              Total number of Limit Nodes:2

                                              Callgraph


                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect
                                              • String ID:
                                              • API String ID: 3548022523-0
                                              • Opcode ID: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                              • Instruction ID: 44f13d8dc4ada08d969f55db554330e9d88bd117b0c18836a0928b418f5903af
                                              • Opcode Fuzzy Hash: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                              • Instruction Fuzzy Hash: 89F0B724B651416AC500BFFB9947A0D6E2C6E8472BB50657EB0C1344E74D3C87009EAF

                                              Control-flow Graph

                                              APIs
                                              • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                                              • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                                              • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                                              • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                                              • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                                              • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                                              • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118
                                              Similarity
                                              • API ID: File$MemoryPointerVirtual$AllocateCloseCreateDeleteFreeWrite
                                              • String ID:
                                              • API String ID: 590822095-0
                                              • Opcode ID: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                              • Instruction ID: 1b8bdb635f3090c090aca30f1047892238d11e79f8ef36d2dcee79009cce4089
                                              • Opcode Fuzzy Hash: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                              • Instruction Fuzzy Hash: ED714871901209AFDB11CF90DD48BEEBB79FB08311F204266E511B62D4D3759E85CF99

                                              Control-flow Graph

                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 004032FB
                                              • GetDiskFreeSpaceW.KERNELBASE(?,?,?,00000000,00000000), ref: 00403313
                                              • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000,?), ref: 00403332
                                              • GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 00403375
                                              • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000), ref: 00403398
                                              • DeviceIoControl.KERNELBASE(000000FF,0009C040,00000000,00000002,00000000,00000000,?,00000000), ref: 004033CD
                                              Similarity
                                              • API ID: DiskFileFreeSpace$ControlCreateDeviceNamePriorityTempThread
                                              • String ID:
                                              • API String ID: 2011835681-0
                                              • Opcode ID: 229209989839885a3588f396d77e0cdc96e3fac898d9f41ca49139373efe7470
                                              • Instruction ID: c3badfffa75a89a0abcd59fd2fd34812244497566a58eab59887ac76a1f04a4a
                                              • Opcode Fuzzy Hash: 229209989839885a3588f396d77e0cdc96e3fac898d9f41ca49139373efe7470
                                              • Instruction Fuzzy Hash: D6510A71A01209AFDB00DF90DD49F9EBB79FF08700F2092A5E611BA2A1D730AE45DF95

                                              Control-flow Graph

                                              APIs
                                              • GetLogicalDriveStringsW.KERNELBASE(00000068,?), ref: 00403687
                                              Similarity
                                              • API ID: DriveLogicalStrings
                                              • String ID:
                                              • API String ID: 2022863570-0
                                              • Opcode ID: b400b6a985817d68bb33d17dbc945ad3f7ed75c1c6e1d9200f5b880ce86a855b
                                              • Instruction ID: 4dd69471dbc29d4f16846e3344e2d9633d6215cd74752d72760f366e6b0bc30a
                                              • Opcode Fuzzy Hash: b400b6a985817d68bb33d17dbc945ad3f7ed75c1c6e1d9200f5b880ce86a855b
                                              • Instruction Fuzzy Hash: 33815CB590160ADFDB10DF90D948BAFBB75FF08306F1086AAE511772A0D7399A41CF98

                                              Control-flow Graph

                                              APIs
                                              • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                                              • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                                              • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                                              • FindClose.KERNEL32(000000FF), ref: 00401660
                                              Strings
                                              Similarity
                                              • API ID: Find$CloseFile$FirstNext
                                              • String ID: C:\Windows\System32\*.dll
                                              • API String ID: 1164774033-1305136377
                                              • Opcode ID: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                              • Instruction ID: b8f602421e8d3e3309feb9384621a56ef9d54da146c7d7394d3b11ea37959a12
                                              • Opcode Fuzzy Hash: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                              • Instruction Fuzzy Hash: 30418C71900608EFDB20AFA4DD48BAA77B4FB44325F608276E521BE1F0D7794A85DF48

                                              Control-flow Graph

                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00403488
                                              • WriteFile.KERNELBASE(?,?,?,?,?), ref: 0040350E
                                              • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000), ref: 004035EA
                                              • SetEndOfFile.KERNELBASE(?), ref: 004035F6
                                              • NtClose.NTDLL(?), ref: 0040360E
                                              Similarity
                                              • API ID: File$ClosePointerPriorityThreadWrite
                                              • String ID:
                                              • API String ID: 2296109371-0
                                              • Opcode ID: 0fcde9d867e2c8e00a33e5a4b04594799b7cacc31207ed4f9c9132c7825b27dd
                                              • Instruction ID: 02d7b4ff8a3576d09fe5cde13513df6eb5b6ce77b27be8b8a28bc97f0a3a62b9
                                              • Opcode Fuzzy Hash: 0fcde9d867e2c8e00a33e5a4b04594799b7cacc31207ed4f9c9132c7825b27dd
                                              • Instruction Fuzzy Hash: E75128B1101601EBDB10CF50DD84B577BB8FF08305F2052AAE905AE2A6D379DE95CF89

                                              Control-flow Graph

                                              APIs
                                              • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                                              • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                                              • NtClose.NTDLL(000000FF), ref: 004027FF
                                              Similarity
                                              • API ID: File$CloseCreateRead
                                              • String ID:
                                              • API String ID: 1419693385-0
                                              • Opcode ID: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                              • Instruction ID: da411bd40fb0d6d878d2d447c4e829303a7e8bd202b0d35ae7576ead56d2946b
                                              • Opcode Fuzzy Hash: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                              • Instruction Fuzzy Hash: CA211A35601209EBDB10CF94DD89B9EBB75FF08310F2082A5A510AB2E1D7719E51DF94

                                              Control-flow Graph

                                              control_flow_graph 230 40286c-4028b9 NtSetInformationProcess * 3
                                              APIs
                                              • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                                              • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                                              • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5
                                              Similarity
                                              • API ID: InformationProcess

                                              Control-flow Graph

                                              control_flow_graph 231 401dc2-401df0 233 401e21-401e27 231->233 234 401df2-401e10 NtProtectVirtualMemory 231->234 234->233 235 401e12-401e1f 234->235 235->233
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B
                                              Strings
                                              Similarity
                                              • API ID: MemoryProtectVirtual

                                              Control-flow Graph

                                              control_flow_graph 316 4016b4-4016c9 317 401859-401862 316->317 318 4016cf-4016d6 316->318 319 4016f5-401729 NtAllocateVirtualMemory 318->319 320 4016d8-4016f0 call 401000 318->320 319->317 322 40172f-40174c NtAllocateVirtualMemory 319->322 320->319 322->317 324 401752-40175a call 40152c 322->324 326 40175f-401761 324->326 326->317 327 401767-40176d 326->327 328 401774-401781 call 401000 327->328 329 40176f 327->329 332 401851-401854 328->332 333 401787-401798 call 401e78 328->333 329->317 332->327 336 4017c9-4017cc 333->336 337 40179a-4017c4 call 401e78 333->337 339 4017fa-4017fd 336->339 340 4017ce-4017f8 call 401e78 336->340 337->332 343 401815-401818 339->343 344 4017ff-401813 339->344 340->332 345 401830-401833 343->345 346 40181a-40182e 343->346 344->332 345->332 348 401835-40184b 345->348 346->332 348->332
                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                                              • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              APIs
                                              • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                                              Similarity
                                              • API ID: FileFindFirst
                                              APIs
                                              Similarity
                                              • API ID: Close
                                              APIs
                                              • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB
                                              Similarity
                                              • API ID: InformationThread

                                              Control-flow Graph

                                              control_flow_graph 198 4032e4-4033a2 SetThreadPriority GetDiskFreeSpaceW GetDiskFreeSpaceExW GetTempFileNameW CreateFileW 201 4033a4 198->201 202 4033a9-4033ed DeviceIoControl call 403258 198->202 203 40346f-403472 201->203 205 4033fd-403415 CreateIoCompletionPort 202->205 206 4033ef-4033fb 202->206 207 403417-40342d 205->207 208 40342f-403447 205->208 206->203 207->203 212 403461-403467 208->212 213 403449-40345f 208->213 212->203 213->203
                                              APIs
                                              • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 004032FB
                                              • GetDiskFreeSpaceW.KERNELBASE(?,?,?,00000000,00000000), ref: 00403313
                                              • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000,?), ref: 00403332
                                              • GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 00403375
                                              • CreateFileW.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000), ref: 00403398
                                              • DeviceIoControl.KERNELBASE(000000FF,0009C040,00000000,00000002,00000000,00000000,?,00000000), ref: 004033CD
                                              Similarity
                                              • API ID: DiskFileFreeSpace$ControlCreateDeviceNamePriorityTempThread

                                              Control-flow Graph

                                              control_flow_graph 236 401b70-401b9f RtlCreateHeap 237 401ba1 236->237 238 401ba6-401bc4 RtlCreateHeap 236->238 239 401d8a-401d90 237->239 240 401bc6 238->240 241 401bcb-401be7 238->241 240->239 243 401be9 241->243 244 401bee-401c05 call 401a40 241->244 243->239 247 401c07 244->247 248 401c0c-401c3d 244->248 247->239 251 401c44-401c5b call 401a40 248->251 252 401c3f 248->252 255 401c62-401c93 251->255 256 401c5d 251->256 252->239 259 401c95 255->259 260 401c9a-401cb1 call 401a40 255->260 256->239 259->239 263 401cb3 260->263 264 401cb8-401ce9 260->264 263->239 267 401cf0-401d07 call 401a40 264->267 268 401ceb 264->268 271 401d09 267->271 272 401d0b-401d3c 267->272 268->239 271->239 275 401d40-401d57 call 401a40 272->275 276 401d3e 272->276 279 401d59 275->279 280 401d5b-401d80 call 401d94 call 401dc2 275->280 276->239 279->239 283 401d83 280->283 283->239
                                              APIs
                                              • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                                              • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB
                                              Similarity
                                              • API ID: CreateHeap

                                              Control-flow Graph

                                              control_flow_graph 286 4022dc-40232e 290 402330 286->290 291 402335-402347 GetShortPathNameW 286->291 292 402483-402487 290->292 293 402349-402359 291->293 294 40235e-402380 291->294 295 402495-402499 292->295 296 402489-40248f 292->296 293->292 304 402382 294->304 305 402387-402425 294->305 298 4024a7-4024ab 295->298 299 40249b-4024a1 295->299 296->295 301 4024b9-4024bf 298->301 302 4024ad-4024b3 298->302 299->298 302->301 304->292 311 402427 305->311 312 402429-402481 ShellExecuteW 305->312 311->292 312->292
                                              APIs
                                              • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340
                                              Similarity
                                              • API ID: NamePathShort

                                              Control-flow Graph

                                              control_flow_graph 349 4026c0-4026e5 call 4024f8 351 402730-402734 349->351 352 4026e7-402709 CreateFileW 349->352 354 402742-402746 351->354 355 402736-40273c 351->355 352->351 353 40270b-402727 ReadFile 352->353 353->351 356 402729 353->356 357 402754-40275a 354->357 358 402748-40274e 354->358 355->354 356->351 358->357
                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                                              • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722
                                              Similarity
                                              • API ID: File$CreateRead

                                              Control-flow Graph

                                              control_flow_graph 360 401a40-401a5a 361 401a5d-401a77 RtlAllocateHeap 360->361 362 401a85-401a94 call 401e78 361->362 363 401a79-401a82 361->363 366 401ac5-401ac8 362->366 367 401a96-401ac0 call 401e78 362->367 369 401af6-401af9 366->369 370 401aca-401af4 call 401e78 366->370 375 401b4d-401b55 367->375 373 401b11-401b14 369->373 374 401afb-401b0f 369->374 370->375 377 401b16-401b2a 373->377 378 401b2c-401b2f 373->378 374->375 375->361 380 401b5b-401b6b 375->380 377->375 378->375 379 401b31-401b47 378->379 379->375
                                              APIs
                                              • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                                              Similarity
                                              • API ID: AllocateHeap
                                              APIs
                                              • CreateDirectoryW.KERNELBASE(00000000,00000000), ref: 00402227
                                              Similarity
                                              • API ID: CreateDirectory
                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00003478,00000000,00000000,00000000), ref: 004031A2
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID: CreateThread
                                              • String ID:
                                              • API String ID: 2422867632-0
                                              • Opcode ID: 9e58d635c8bd693d4c2dc2c3a668e721e6aa14a97984da7d58b39bf4f406ce1f
                                              • Instruction ID: e5ec22d449c3d307afb1fc97fd659449252656cd0b8efbbc1ce39923ac99279f
                                              • Opcode Fuzzy Hash: 9e58d635c8bd693d4c2dc2c3a668e721e6aa14a97984da7d58b39bf4f406ce1f
                                              • Instruction Fuzzy Hash: B5115E75741B05ABD310AF94ED89B8BB768FF08711F2043B5EA10BA2E1D7749D418F98
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                              • Instruction ID: 5f31ce468cef0475a522e9655e813cee8f96e501922e94d34a843d9ecc1c4f5f
                                              • Opcode Fuzzy Hash: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                              • Instruction Fuzzy Hash: A921F974901608EFDB00CF90EA8C79EBB71FF08301F6045A9E5017A2A0D7B95A85DF89
                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                              • Instruction ID: 140de97a3c31e0856ca0b204e221eb1e366fb0b1d4fd9a07ba92ba20ce5f8dd4
                                              • Opcode Fuzzy Hash: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                              • Instruction Fuzzy Hash: F7F03C3690020DFADF10EAA4D848FDE77BCEB14314F0041A6E904B7190D238AA099BA5
                                              APIs
                                              • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID: AdjustPrivilege
                                              • String ID:
                                              • API String ID: 3260937286-0
                                              • Opcode ID: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                              • Instruction ID: 70193a9dbc7aa9cd3770003b3bb97339f6e2972f30e24310785a39762e1cef45
                                              • Opcode Fuzzy Hash: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                              • Instruction Fuzzy Hash: B9E0263251821AABCB20A2189E0CBA7739DD744314F1043B6A805F71D1EAF69A0A87DA
                                              APIs
                                              • RtlFreeHeap.NTDLL(?,00000000,?), ref: 0040211F
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: d8e0199bfff3b7c7e37b2de0e6c62c950c10b2175f78bb828c44bc6e2d432229
                                              • Instruction ID: d3d976247e6901ac8e18a8e884b3ec4d922711d5bc20faefc563e272b4fb1b9c
                                              • Opcode Fuzzy Hash: d8e0199bfff3b7c7e37b2de0e6c62c950c10b2175f78bb828c44bc6e2d432229
                                              • Instruction Fuzzy Hash: 42D0C97A540209ABC704DF94ED49E47B769FF58710F1086A1BA045B222C630E890CFD8
                                              APIs
                                              • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.2326474356.0000000000401000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.2326450058.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326499565.0000000000404000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326522179.0000000000405000.00000004.00000001.01000000.00000006.sdmp
                                              • Associated: 00000003.00000002.2326544529.0000000000406000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1EB6.jbxd
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                              • Instruction ID: 701e22a529f931561d5ec47da2ef603e250127bb9ab3ab4db12cbc5835053477
                                              • Opcode Fuzzy Hash: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                              • Instruction Fuzzy Hash: 05D0C97A140609ABC6009F94E949D87F769FF58711B00C6A1BA045B222C630E890CFD4